durusmail: quixote-users: Timing attacks against session cookies
Timing attacks against session cookies
2010-07-26
Neil Schemenauer
2010-07-26
Binger David
2010-07-26
Neil Schemenauer
2010-07-26
Binger David
2010-08-04
Neil Schemenauer
2010-07-27
Robert Ladyman
Timing attacks against session cookies
Neil Schemenauer
2010-07-26
On Mon, Jul 26, 2010 at 10:08:18AM -0400, Binger David wrote:
> What if hash lookup failures do no return until they have completed
> a randomized time-obscuring operation?

That makes the attack more difficult (more attempts needed) but
doesn't prevent it.

  Neil
reply