Joined February 2013
·

Luca Mearelli

Citta' di Castello, Italy
·
·
·

Posted to Constant time hash comparison over 1 year ago

@khalsah oops, I stand corrected, you are perfectly right. I've updated my protip to reflect your suggestion, thanks!

Posted to Constant time hash comparison over 1 year ago

@nubbel I should have clarified this: in this context what's constant is it's the time required to do the comparison between any two of all the possible strings. The computational complexity is O(n) as you wrote

Posted to Constant time hash comparison over 1 year ago

@khalsah I think you are correct when strictly speaking of passwords hashed with salt but there are cases where this can be useful e.g. when dealing with cookies / sessions ids. The page I linked contained a link to this post: http://codahale.com/a-lesson-in-timing-attacks/ which explains better than I might do the problem :)

Achievements
99 Karma
3,512 Total ProTip Views