[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ft-devel] Potential Timing Side-channel in Freetype Library
|
From: |
Alan Coopersmith |
|
Subject: |
Re: [ft-devel] Potential Timing Side-channel in Freetype Library |
|
Date: |
Tue, 19 Feb 2019 10:18:45 -0800 |
|
User-agent: |
Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
On 02/19/19 06:11 AM, Alexei Podtelezhnikov wrote:
an unprivileged attacker could potentially utilize flush+reload cache
side-channel attack to measure the execution time of said subroutine to infer
user input.
Isn't it why my passwords show up as ●●●●●●●●● in sensible applications?
From the paper it seems the problem is mainly in those apps, mainly mobile,
that show the character for a second before transforming to a star or
bullet, to help people notice when they fat-fingered on their touch
screen keyboard.
--
-Alan Coopersmith- address@hidden
Oracle Solaris Engineering - https://blogs.oracle.com/alanc