Date: Sat, 24 Sep 2016 14:03:43 +0300
From: Alex Smirnoff <>
Subject: Re: Blog Post about Password Resets

Sorry, I did not get the idea.

If you use the whole token's hash as both the selector and verifier, wouldn't
it be easier just to make a verification function that works at a constant time?

(and aren't timing attacks already impractical even if you do not,
because the attacker cannot manipulate arbitrary bytes in the hash?)
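
The two designs the message contrasts, as an added example that is not part of the original message or the blog post under discussion: a reset token whose SHA-256 hash serves as both lookup key and verifier, next to a constant-time digest comparison. The in-memory table, function names and token lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stand-in for a reset-token table (hypothetical schema):
# key = SHA-256 hex digest of the token, value = (user id, expiry timestamp).
RESET_TABLE = {}
TOKEN_TTL_SECONDS = 3600  # assumed lifetime, not taken from the thread


def digest(token):
    """Hex SHA-256 of the token; the only form stored server-side."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user_id, now=None):
    """Create a random token and store only its hash."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    RESET_TABLE[digest(token)] = (user_id, now + TOKEN_TTL_SECONDS)
    return token


def redeem_by_hash_lookup(presented, now=None):
    """Whole-token hash as selector and verifier.

    The lookup key is SHA-256(presented), so the bytes that reach the
    comparison are hash output, not values the caller picks directly.
    """
    now = time.time() if now is None else now
    row = RESET_TABLE.pop(digest(presented), None)  # single use
    if row is None or now > row[1]:
        return None
    return row[0]


def verify_constant_time(presented, stored_digest):
    """Alternative: compare the digests with a constant-time function."""
    return hmac.compare_digest(digest(presented), stored_digest)
```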
