Seriously KeePass? Just fix the damn timing attack instead of wasting time explaining why it's not an issue. http://keepass.info/help/kb/sec_issues.html …
Replying to @CiPHPerCoder
I dunno, understanding your threat model is important.
1 reply 0 retweets 3 likes -
Replying to @taviso
That's certainly true, but this particular problem is always a quick fix. The docs read like, "this is why we're not fixing it".
2 replies 0 retweets 0 likes -
Replying to @CiPHPerCoder @taviso
Google Sync is worse and it's also tagged with "won't fix" https://chromium.googlesource.com/chromium/chromium/+/master/sync/util/nigori.cc#229 … https://chromium.googlesource.com/chromium/chromium/+/master/sync/util/nigori_unittest.cc#51 ….
1 reply 0 retweets 0 likes
Replying to @Sc00bzT @CiPHPerCoder
memcmp() in glibc is even worse than that, we should rm /lib/libc.so.6 in protest.
7:43 AM - 20 Mar 2017
0 replies
0 retweets
1 like