hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

More references in NonConstantTimeCryptoComparison.qhelp

Browse Source
This commit is contained in:
Artem Smotrakov
2021-06-26 11:01:26 +02:00
committed by Fosstars
parent 860e8f379e
commit 6500a1bbbb
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.qhelp
View File

@@ -37,6 +37,14 @@ The next example uses a safe constant time algorithm for comparing MAC:
Wikipedia:
<a href="https://en.wikipedia.org/wiki/Timing_attack">Timing attack</a>.
</li>
<li>
Coursera:
<a href="https://www.coursera.org/lecture/crypto/timing-attacks-on-mac-verification-FHGW1">Timing attacks on MAC verification</a>
</li>
<li>
NCC Group:
<a href="https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/TimeTrial.pdf">Time Trial: Racing Towards Practical Remote Timing Attacks</a>
</li>
<li>
Java API Specification:
<a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte[],byte[])">MessageDigest.isEqual() method</a>