freetype-devel

Re: [ft-devel] Potential Timing Side-channel in Freetype Library


From: Roland Mainz
Subject: Re: [ft-devel] Potential Timing Side-channel in Freetype Library
Date: Tue, 19 Feb 2019 20:53:20 +0100

On Tue, Feb 19, 2019 at 7:18 PM Alan Coopersmith
<address@hidden> wrote:
>
> On 02/19/19 06:11 AM, Alexei Podtelezhnikov wrote:
> >> an unprivileged attacker could potentially utilize flush+reload cache 
> >> side-channel attack to measure the execution time of said subroutine to 
> >> infer user input.
> >
> > Isn't it why my passwords show up as ●●●●●●●●● in sensible applications?
>
>  From the paper it seems the problem is mainly in those apps, mainly mobile,
> that show the character for a second before transforming to a star or
> bullet, to help people notice when they fat-fingered on their touch
> screen keyboard.

Well, the old-style solution here is to load multiple glyphs at the
same time, like one unicode block (256 chars), or in 16 char "blocks".
Whatever people are measuring then is pretty much useless because the
compute time spans many glyphs and is summed-up across them... =:-)

----

Bye,
Roland
-- 
  __ .  . __
 (o.\ \/ /.o) address@hidden
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)
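
Added example, not part of the original message and not FreeType code: a small C sketch of the block-loading idea described above. The `glyph_cache` type, the `glyph_loader` callback and the trace helper are hypothetical names, and the loader stands in for a real glyph load/render call. Within one 16-codepoint block the sequence of loader calls is the same whichever character was requested; which block was touched is still distinguishable.

```c
#include <stdint.h>
#include <string.h>
#define BLOCK  16u      /* the 16-char "blocks" from the message */
#define MAX_CP 0x10000u /* assumption: BMP only, to keep the sketch small */

/* Hypothetical callback standing in for the real glyph load/render call. */
typedef int (*glyph_loader)(uint32_t cp, void *ctx);
typedef struct {
    uint8_t loaded[MAX_CP / BLOCK]; /* one flag per 16-codepoint block */
    glyph_loader load;
    void *ctx;
} glyph_cache;

void cache_init(glyph_cache *c, glyph_loader load, void *ctx) {
    memset(c->loaded, 0, sizeof c->loaded);
    c->load = load;
    c->ctx = ctx;
}

/* Make cp available by loading its whole block: returns loader calls made, 0 on a hit, -1 on error. */
int cache_get(glyph_cache *c, uint32_t cp) {
    if (cp >= MAX_CP) return -1;
    uint32_t blk = cp / BLOCK;
    if (c->loaded[blk]) return 0;
    int calls = 0, failed = 0;
    for (uint32_t i = 0; i < BLOCK; i++, calls++)
        if (c->load(blk * BLOCK + i, c->ctx) != 0) failed = 1; /* no early exit */
    if (failed) return -1;
    c->loaded[blk] = 1;
    return calls;
}

/* Constructed loader for the demonstration: records which codepoints were requested. */
typedef struct { uint32_t seen[2 * BLOCK]; size_t n; } trace;
int trace_loader(uint32_t cp, void *ctx) {
    trace *t = ctx;
    if (t->n < 2 * BLOCK) t->seen[t->n++] = cp;
    return 0;
}

/* 1 if requesting a or b on a fresh cache produces the same loader-call sequence. */
int same_trace(uint32_t a, uint32_t b) {
    static glyph_cache ca, cb;
    trace ta = {{0}, 0}, tb = {{0}, 0};
    cache_init(&ca, trace_loader, &ta);
    cache_init(&cb, trace_loader, &tb);
    if (cache_get(&ca, a) < 0 || cache_get(&cb, b) < 0) return 0;
    return ta.n == tb.n && memcmp(ta.seen, tb.seen, ta.n * sizeof ta.seen[0]) == 0;
}
```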


