tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: const time authentication in bozohttpd



"Terry Moore" <tmm%mcci.com@localhost> wrote:
> Perhaps this is a silly comment; but wouldn't it be easier to simply time
> stamp the incoming request, and then spin for any authentication failure
> until a suitable fixed time has elapsed after the inbound arrival? Or are
> you worried about local cache-interference attacks as well? 

Why fixed time?  Make it random time.

-- 
Mindaugas


Home | Main Index | Thread Index | Old Index