@wycats @littlecalculist Regarding SharedArrayBuffers, what's the plan for handling the timing attacks that they make possible?
-
-
Prevent it from being called too often? Do something that affects side channel attacks but not the actual use case.
-
I'll have to think about it though.
-
but if you have anything that could work, me&my colleagues would love to discuss & try to break it ;)
-
Basic idea was to have a backoff on http://performance.now ().
-
Keeps it accurate for performance measurement but it means that it cannot be called in rapid succession.
-
not convinced that helps. we have already performed attacks without any timing interfaces in the past
-
Fair. Had a log discussion with
@wycats about this yesterday :) -
Overall I'm really pumped to see SABs happening, just concerned about AES/RSA SC attacks.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.