Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I know you can do timing attacks through the network, it's not even that hard in the simple case.

That paper, like most papers on timing attacks, was done on the local network, not the internet. They're relying on absurdly precise measurements of absolutely tiny differences in timing, which would be lost in the jitter and latency of the real internet.

As I said, you can certainly do internet timing attacks where you're looking for database access, because this can take many milliseconds, which is a delay which can be detected even on a crappy internet link using a bit of light statistics.



Right; I guess my thought is that since a hash with a modest work function can also take many milliseconds, this would be meaningful. Not sure in practice, however.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: