Re: const time authentication in bozohttpd

To: tech-security%netbsd.org@localhost, tech-userlevel%netbsd.org@localhost
Subject: Re: const time authentication in bozohttpd
From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
Date: Wed, 25 Jun 2014 21:23:24 +0200

On Wed, Jun 25, 2014 at 08:08:57PM +0100, Mindaugas Rasiukevicius wrote:
> "Terry Moore" <tmm%mcci.com@localhost> wrote:
> > Perhaps this is a silly comment; but wouldn't it be easier to simply time
> > stamp the incoming request, and then spin for any authentication failure
> > until a suitable fixed time has elapsed after the inbound arrival? Or are
> > you worried about local cache-interference attacks as well? 
> 
> Why fixed time?  Make it random time.

Random noise can be filtered out moderately easy.

Joerg

Follow-Ups:
- Re: const time authentication in bozohttpd
  - From: Mindaugas Rasiukevicius

References:
- Re: const time authentication in bozohttpd
  - From: Mindaugas Rasiukevicius

Prev by Date: Re: const time authentication in bozohttpd
Next by Date: RE: const time authentication in bozohttpd
Previous by Thread: Re: const time authentication in bozohttpd
Next by Thread: Re: const time authentication in bozohttpd
Indexes:

Home | Main Index | Thread Index | Old Index