On Tue, Feb 19, 2019 at 7:18 PM Alan Coopersmith <alan.coopersm...@oracle.com> wrote: > > On 02/19/19 06:11 AM, Alexei Podtelezhnikov wrote: > >> an unprivileged attacker could potentially utilize flush+reload cache > >> side-channel attack to measure the execution time of said subroutine to > >> infer user input. > > > > Isn't it why my passwords show up as ●●●●●●●●● in sensible applications? > > From the paper it seems the problem is mainly in those apps, mainly mobile, > that show the character for a second before transforming to a star or > bullet, to help people notice when they fat-fingered on their touch > screen keyboard.
Well, the old-style solution here is to load multiple glyphs at the same time, like one unicode block (256 chars), or in 16 char "blocks". Whatever people are measuring than is pretty much useless because the compute time spans many glyphs and is summed-up across them... =:-) ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) roland.ma...@nrubsig.org \__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer /O /==\ O\ TEL +49 641 3992797 (;O/ \/ \O;) _______________________________________________ Freetype-devel mailing list Freetype-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/freetype-devel