


I’ll be blunt here: any Java application which compares client-provided data to a secret value using MessageDigest.isEqual is vulnerable to timing attacks. This includes HMACs, decryption results, etc.

A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals) | codahale.com
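
The difference the quote is about, as an added Java example that is not from the linked post or from the JDK: a byte comparison that stops at the first mismatch next to one that always inspects every byte, used here to verify an HMAC tag. The class and method names, the key and the message are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;

public class HmacCompare {
    // Early-exit comparison: returns at the first differing byte, so the
    // running time depends on how many leading bytes of the guess are right.
    static boolean leakyEquals(byte[] a, byte[] b) {
        if (a.length != b.length) return false;
        for (int i = 0; i < a.length; i++) {
            if (a[i] != b[i]) return false;
        }
        return true;
    }

    // Constant-time comparison: always touches every byte and accumulates
    // the differences, so timing does not reveal where a mismatch occurs.
    // The length check may return early; a MAC tag's length is not secret.
    static boolean constantTimeEquals(byte[] a, byte[] b) {
        if (a.length != b.length) return false;
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    static byte[] hmacSha256(byte[] key, byte[] msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg);
    }

    // Server-side check: recompute the tag, then compare in constant time.
    static boolean verify(byte[] key, byte[] msg, byte[] clientTag) throws Exception {
        return constantTimeEquals(hmacSha256(key, msg), clientTag);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and message.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "user=alice&role=user".getBytes(StandardCharsets.UTF_8);
        byte[] good = hmacSha256(key, msg);
        byte[] bad = good.clone();
        bad[bad.length - 1] ^= 0x01; // tag that differs only in its last byte
        System.out.println("valid tag accepted:  " + verify(key, msg, good));
        System.out.println("forged tag accepted: " + verify(key, msg, bad));
        // Both comparisons give the same answer; only their timing differs.
        System.out.println("leaky result:        " + leakyEquals(good, bad));
    }
}
```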