[erlang-questions] Two beautiful programs - or web programming made easy

Bengt Kleberg bengt.kleberg@REDACTED
Wed Feb 16 07:17:10 CET 2011


Greetings,

Google does not find anything about this so from memory:

The password had to be stored on two different virtual memory pages. You
started with the first character on page one, and the rest on page 2.
The library function that checked if this was the right password would
return faster if the character on page one was correct. After trying all
possible first characters you would then know the correct character.
Then put both the correct first character and another (probably wrong)
character one virtual memory page one, the rest on page two. Repeat.


bengt

On Tue, 2011-02-15 at 21:59 +0100, Robert Virding wrote:
> ----- "Jesper Louis Andersen" <jesper.louis.andersen@REDACTED> wrote:
> 
> > Beware the side-channel attack. Crypto done right, mathematically, is
> > not secure anymore. You need certain functions to take the same
> > amount
> > of time always, or you can gleam off bits from information theoretic
> > attacks.
> 
> This reminds of something from the annals of history, from the golden age of computing. Apparently on a Dec-10 you could tell how many of the characters in an attempted password were correct by the time it took for the system to return that it was an illegal password. Or so the legends say.
> 
> Robert
> 



More information about the erlang-questions mailing list