Date: Sat, 24 Sep 2016 14:03:43 +0300
From: Alex Smirnoff <ark@...ex.net>
To: passwords@...ts.openwall.com
Subject: Re: Blog Post about Password Resets

Sorry, I did not get the idea. If you use the whole token's hash as both the selector and verifier, wouldn't it be easier just to make a verification function that works in constant time? (and aren't timing attacks already impractical even if you do not, because the attacker cannot manipulate arbitrary bytes in the hash?)