It's All About Time

Written by Ircmaxell - - Aggregated on Friday November 28, 2014
Tags: PHP, PHP-Internals, Programming, Security, Timing-Attack

An interesting pull request has been opened against PHP to make bin2hex() constant time. This has lead to some interesting discussion on the mailing list (which even got me to reply :-X). There has been pretty good coverage over remote timing attacks in PHP, but they talk about string comparison. I'd like to talk about other types of timing attacks.

Read more »

« New Job With Siftware - Lorna Jane

Sitepoint - How to Build an OctoberCMS Theme »