Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
12 check-ins related to "dmitry-security"
2011-10-04
| ||
15:15 | Merge protection against timing attacks into trunk. check-in: d4a341b49d user: dmitry tags: trunk | |
14:38 | Merge trunk into dmitry-security branch. Closed-Leaf check-in: f4eb0f5afc user: dmitry tags: dmitry-security | |
14:34 | Rename constant_time_eq to constant_time_cmp to better indicate that these functions return 0 when values are equal, like memcmp, strcmp, etc., not truth, to avoid possible mistakes. check-in: d244c484e7 user: dmitry tags: dmitry-security | |
14:28 | Revert the previous change after thinking more about it. Login cards in the sync protocol have the following format: login userid nonce signature Nonce is SHA-1 of the message that follows this line, signature is SHA-1 of the concatenation of the nonce and user's shared secret. The successful timing attack can reveal only signature for this p... check-in: 13a9a1244c user: dmitry tags: dmitry-security | |
2011-10-03
| ||
16:34 | Disabling Cache-control: no-store, as it made firefox forget about form field contents on back/forward in history. Resolution achieved by a minimal consensus at this thread on the mailing list. check-in: 3fac77d7b0 user: viriketo tags: trunk | |
2011-09-30
| ||
10:51 | It seems like blob_constant_time_eq() is unnecessary for sync protocol signatures; removed. check-in: 48bcfbd47b user: dmitry tags: dmitry-security | |
09:41 | Catch zero length early in blob_constant_time_eq(). check-in: e3d022dffa user: dmitry tags: dmitry-security | |
2011-09-29
| ||
21:06 | Fix to the previous fix: install function to the correct database. check-in: 3782276da6 user: dmitry tags: dmitry-security | |
21:04 | Fix login groups. check-in: 6f29649ef3 user: dmitry tags: dmitry-security | |
17:26 | Fix comment. check-in: a0fa120b74 user: dmitry tags: dmitry-security | |
17:21 | Protect against timing attacks by using constant-time comparison function to compare passwords and cookies. check-in: 7f110475ec user: dmitry tags: dmitry-security | |
14:07 | When creating a manifest, get isExe and isLink bits from filesystem at once instead of doing two stat(2) calls. check-in: 9bfa186be0 user: dmitry tags: trunk | |