Message162875
| Author | ncoghlan |
|---|---|
| Recipients | arigo, christian.heimes, fijall, hynek, loewis, ncoghlan, petri.lehtinen, pitrou |
| Date | 2012-06-15.08:42:18 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1339749739.21.0.659010422263.issue15061@psf.upfronthosting.co.za> |
| In-reply-to |
| Content | |
|---|---|
FWIW, Petri's example also explains why leaking the expected length of the string is considered an acceptable optimisation in most reimplementations of this signature check comparison: the attacker is assumed to already know the expected length of the signature, because it's part of a documented protocol or API. However, I think it's more reasonable for a standard library implementation to omit that optimisation by default. |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2012-06-15 08:42:19 | ncoghlan | set | recipients: + ncoghlan, loewis, arigo, pitrou, christian.heimes, fijall, petri.lehtinen, hynek |
| 2012-06-15 08:42:19 | ncoghlan | set | messageid: <1339749739.21.0.659010422263.issue15061@psf.upfronthosting.co.za> |
| 2012-06-15 08:42:18 | ncoghlan | link | issue15061 messages |
| 2012-06-15 08:42:18 | ncoghlan | create | |