All code examples are available here.

Timing attacks are a particular type of attack that exploits flaws in code that affect its execution time.

TLDR

Don’t use string comparison (==) when checking secrets or tokens for equality. Use a safe, constant-time comparison implementation instead.
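The following sketch is an added example, not code from the original page or its repository. It models why an early-exit comparison leaks information and shows the standard-library alternative. The token value, the function names, and the use of "bytes examined" as a deterministic stand-in for execution time are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret for the demonstration (not a real token).
EXPECTED_TOKEN = b"s3cr3t-api-token-0001"

def early_exit_equals(a, b):
    """Model of what `==` does: stop at the first differing byte.

    Returns (result, bytes_examined); bytes_examined stands in for run time.
    """
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b), start=1):
        if x != y:
            return False, i  # work done depends on the matching prefix
    return True, len(a)

def fixed_work_equals(a, b):
    """Examine every byte and fold the differences together, so the work
    done does not depend on where the first mismatch is. Illustrative
    only: pure-Python loops give no real constant-time guarantee."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)

_KEY = secrets.token_bytes(32)  # per-process key for the digest step

def verify_token(candidate, expected=EXPECTED_TOKEN):
    """What to use in practice: hmac.compare_digest from the standard library.

    Hashing both sides first yields equal-length inputs, so the comparison
    does not expose the length of the expected token either.
    """
    a = hmac.new(_KEY, candidate, hashlib.sha256).digest()
    b = hmac.new(_KEY, expected, hashlib.sha256).digest()
    return hmac.compare_digest(a, b)

def work_profile(compare, guesses):
    """Bytes examined per guess: a deterministic proxy for timing."""
    return [compare(g, EXPECTED_TOKEN)[1] for g in guesses]
```

With three wrong guesses of the correct length that share 0, 4 and 20 leading bytes with the token, the early-exit profile grows with the shared prefix while the fixed-work profile stays flat.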

Vulnerable code

Vulnerability explanation

SCHEMA

Not vulnerable code

Example of attack
