-
Important that the API uses constant time checks (bitwise XOR) for checking credentials, to protect against timing attacks
Relevant spots to cover:
- [ ] Checking admin JWTs
- [ ] Checking admin log…
-
Even if #21 is removed, I think the website *may* be able to deduce when it's served 'locally' through ssh tunnel, fiddler etc.
A public website served locally could:
- Use timing attacks between …
-
### Context
Currently a user can try to log in with a bad password as much as he wants, which means the site is vulnerable to brute force attacks. This means users' accounts can be compromised.
##…
-
The following API in `server\src\api\public\auth.ts` is vulnerable to timing attacks:
```typescript
router.post("/auth/magic-link",
validateBody(MagicLinkPayloadSchema),
(req, res) => {
…
```
-
Putting this here since the rules request is a result of a Megamek game. Apparently at the start of the swarm phase we are allowing damage to the swarming unit. I haven't actually tested this in game…
-
My understanding is that we're concerned that any function over the secret-key (or something derived from it), must take time independent of the input value. Here are possible issues I see
- [ ] `scal…
alex updated
10 years ago
-
Do we need to make the field arithmetic resistant to timing attacks?
For example, removing the final conditional branch in the Montgomery multiplication or making the computation of the modular inver…
-
https://github.com/gkouziik/eslint-plugin-security-node/blob/master/docs/rules/detect-possible-timing-attacks.md
```js
public getOneTimeAdminAuthTokenForWorkspaceSync(workspaceID: string): strin…
```
-
By storing private keys in Lua strings < LUAI_MAXSHORTLEN (40) characters long, you're exposing them to a potential timing attack due to interning.
Please return keys inside of some type of userdat…
-
For the last few days, everyone has been talking about [the new branch prediction/cache/timing attacks](https://spectreattack.com). I've been thinking, maybe this is a good opportunity for CloudABI?
…