durusmail: quixote-users: Timing attacks against session cookies
Timing attacks against session cookies
2010-07-26
2010-07-26
2010-07-27
Timing attacks against session cookies
Neil Schemenauer
2010-08-04
On Mon, Jul 26, 2010 at 11:02:11AM -0400, Binger David wrote:
> Okay, what if the algorithm ensures that some
> fixed amount of time passes for hash lookup failures?

I think that would work or at least make attacks very difficult.

  Neil
reply