tmate.io page talks about a lot of security features, but many of them won't actually help /cc @bascule
Nice product idea though
@raggi sleeping randomly is *one* way to prevent timing attacks o_O ...but they never defined a threat model
-
-
@bascule pretty sure the random jitter can be ignored over a large enough sample size, especially if there's common order mismatch (likely) -
@raggi the usual way to prevent that sort of thing is to provide constant time behavior rather than adding random skew -
-
-
@nviennot@raggi being on the open Internet is "good enough". Rate limiting is also helpful. Random sleeps aren't: http://events.ccc.de/congress/2012/Fahrplan/events/5044.en.html … -
-
-
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.