DEV Community

Discussion on: It’s All In The Timing: Timing Attacks For Dummies

mkuegi profile image
Markus Zancolò

This is a good explanation,
But never ever authenticate a client based directly on a string send in plaintext... If I want to impersonate the app like that, I don't need such an attack. Just sniff the traffic of the app. Even easier if there is a web client.
So if that attack poses a threat for your system, please fix the authentication protocol, not only the string compare.