freetype-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ft-devel] Potential Timing Side-channel in Freetype Library


From: Alan Coopersmith
Subject: Re: [ft-devel] Potential Timing Side-channel in Freetype Library
Date: Tue, 19 Feb 2019 10:18:45 -0800
User-agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

On 02/19/19 06:11 AM, Alexei Podtelezhnikov wrote:
an unprivileged attacker could potentially utilize flush+reload cache 
side-channel attack to measure the execution time of said subroutine to infer 
user input.

Isn't it why my passwords show up as ●●●●●●●●● in sensible applications?

From the paper it seems the problem is mainly in those apps, mainly mobile,
that show the character for a second before transforming to a star or
bullet, to help people notice when they fat-fingered on their touch
screen keyboard.


--
        -Alan Coopersmith-               address@hidden
         Oracle Solaris Engineering - https://blogs.oracle.com/alanc



reply via email to

[Prev in Thread] Current Thread [Next in Thread]