@jcoglan Even in-memory lookups with bsearch() are vulnerable. Attack binary search (on keys) with binary search (on timing).
@jcoglan Regarding databases, there was an excellent paper on the subject: http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=researcher&page=Damian_Saura&file=publication%2FFutoranskySauraWaissbein_2007-paper-BH%2FFutoranskySauraWaissbein_2007-paper-BH.pdf …
@jcoglan Indexing a hash of the key instead of the key itself is the way to fix it.
@jcoglan (NSEC3, yay... ok, that's a bad example...)
@jcoglan Looks good. Is hashify keyed?
@jcoglan Use a HMAC, not SHA1(token) in hashify.
@jcoglan Even MD5 would be fine in this context. But this is also a good use case for SipHash.
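
The fix suggested in this thread (index a keyed hash of the token rather than the token itself), sketched as an added example that is not code from the thread or from @jcoglan's project. The `hashify` name comes from the thread; its signature, the `TokenIndex` class, the sample tokens and the choice of HMAC-SHA256 are assumptions.

```python
import bisect
import hashlib
import hmac
import secrets


def hashify(index_key: bytes, token: str) -> bytes:
    """Keyed digest of a token (HMAC-SHA256). This value is indexed, not the token."""
    return hmac.new(index_key, token.encode("utf-8"), hashlib.sha256).digest()


class TokenIndex:
    """Sorted index over hashify(token), searched with bisect (a bsearch() analogue)."""

    def __init__(self, index_key: bytes):
        self._key = index_key      # server-side secret, never sent to clients
        self._digests = []         # sorted keyed digests
        self._owners = []          # owner of the digest at the same position

    def add(self, token: str, owner: str) -> None:
        digest = hashify(self._key, token)
        pos = bisect.bisect_left(self._digests, digest)
        self._digests.insert(pos, digest)
        self._owners.insert(pos, owner)

    def lookup(self, token: str):
        digest = hashify(self._key, token)
        # The comparison path now depends on the keyed digest. Without the key,
        # a caller cannot choose guesses that steer the search, so timing the
        # lookup says nothing useful about how close a guess is to a real token.
        pos = bisect.bisect_left(self._digests, digest)
        if pos < len(self._digests) and hmac.compare_digest(self._digests[pos], digest):
            return self._owners[pos]
        return None


if __name__ == "__main__":
    index = TokenIndex(secrets.token_bytes(32))   # constructed sample data below
    index.add("tok_alice_7f3a", "alice")
    index.add("tok_bob_91c2", "bob")
    print(index.lookup("tok_alice_7f3a"))   # valid token
    print(index.lookup("tok_alice_7f3b"))   # near-miss guess, rejected
```

The same structure carries over to a database: store and index the keyed digest column, and query by the digest computed server-side.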