On 02/19/19 06:11 AM, Alexei Podtelezhnikov wrote:
an unprivileged attacker could potentially utilize flush+reload cache 
side-channel attack to measure the execution time of said subroutine to infer 
user input.

Isn't it why my passwords show up as ●●●●●●●●● in sensible applications?

From the paper it seems the problem is mainly in those apps, mainly mobile,
that show the character for a second before transforming to a star or
bullet, to help people notice when they fat-fingered on their touch
screen keyboard.


--
        -Alan Coopersmith-               alan.coopersm...@oracle.com
         Oracle Solaris Engineering - https://blogs.oracle.com/alanc

_______________________________________________
Freetype-devel mailing list
Freetype-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/freetype-devel

Reply via email to