tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

re: const time authentication in bozohttpd



> The 'cost' of any memory compare will be absolutely minimal compared
> to the cost of actually sending a TCP packet.
> 
> Is the time taken to do the password hash check actually measureable
> on a remote system?

see the original post for details.  :-)


.mrg.


Home | Main Index | Thread Index | Old Index