http://codahale.com/a-lesson-in-timing-attacks/
The article makes a good case for taking even network operations seriously.
It's
like brute force, except the force required should diminish over time. The
result is that a little preemptive action now, may prevent a lot of pain later.
I'm not sure I'd take the side of it being a serious problem just yet, but
"just
yet" doesn't mean "completely ignore". As the OP has stated, there is a clear
trend to fix this vulnerability (potential or otherwise) where possible.
P.S. Hope the Blackhat USA slides are put up somewhere ;)
Pádraic Brady
http://blog.astrumfutura.com
http://www.survivethedeepend.com
OpenID Europe Foundation Irish Representative
________________________________
From: Eric Norman <[email protected]>
To: [email protected]
Sent: Wed, July 14, 2010 7:12:56 AM
Subject: Re: [security] Widespread Timing Vulnerabilities in OpenID
implementations
_______________________________________________
security mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-security
