hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update TimingAttack.qhelp

Browse Source
This commit is contained in:
Ahmed Farid
2022-06-29 00:51:12 +01:00
committed by GitHub
parent 655b9d4262
commit acbb4042df
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/src/experimental/Security/CWE-208/TimingAttack.qhelp
View File

@@ -7,8 +7,7 @@
how long it takes the system to respond to different inputs.
it can be circumvented by using a constant-time algorithm for checking the value of sensitive info,
more precisely, the comparison time should not depend on the content of the input. Otherwise the attacker gains
information that is indirectly leaked by the application. This information is then used for malicious purposes,
such as guessing the password of a user.
information that is indirectly leaked by the application. This information is then used for malicious purposes.
</p>
</overview>