
Let’s start from the very beginning:
What a timing attack is (CWE‑208), why it matters in Node.js, and exactly how you can stop it.
CWE stands f...
How does it handle high inconsistency in response time of a request in the network? How can it work?
By enforcing a fixed minimum server‐side processing time, you guarantee every response leaves the server at the same moment.
Any extra network jitter then just adds random noise, so attackers can’t tease out microsecond‑scale differences—even over an inconsistent connection.
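The fixed minimum processing time described in the reply above, sketched for Node.js as an added example that is not part of the original post or its comments. `FLOOR_MS`, `paddingMs`, `withMinimumDuration` and the login stub are hypothetical names and constructed values.

```javascript
// Added example: hold every response until a fixed floor has elapsed.
// FLOOR_MS, the user store and the 40 ms "hash" delay are constructed values.
const FLOOR_MS = 250; // must exceed the slowest legitimate code path

// Milliseconds still to wait so that total elapsed time reaches the floor.
// Returns 0 when the work already overran the floor: the padding then hides
// nothing, so overruns should be logged and the floor raised.
function paddingMs(startNs, nowNs, floorMs) {
  const elapsedMs = Number(nowNs - startNs) / 1e6;
  return Math.max(0, Math.ceil(floorMs - elapsedMs));
}

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Run `work` and hold its result (or its error) until the floor has passed,
// so success, failure and exceptions all leave the server at the same time.
async function withMinimumDuration(work, floorMs = FLOOR_MS) {
  const start = process.hrtime.bigint();
  let result, error, failed = false;
  try { result = await work(); } catch (e) { failed = true; error = e; }
  await sleep(paddingMs(start, process.hrtime.bigint(), floorMs));
  if (failed) throw error;
  return result;
}

// Constructed login check whose early return would otherwise leak
// whether the user name exists.
const USERS = new Map([["alice", "correct horse"]]);
async function checkLogin(user, password) {
  if (!USERS.has(user)) return false; // fast path: unknown user
  await sleep(40);                    // stands in for a slow password hash
  return USERS.get(user) === password;
}

// Measure the padded call; both paths should report roughly FLOOR_MS.
async function timedLogin(user, password) {
  const t0 = process.hrtime.bigint();
  const ok = await withMinimumDuration(() => checkLogin(user, password));
  return { ok, ms: Number(process.hrtime.bigint() - t0) / 1e6 };
}

async function demo() {
  console.log(await timedLogin("nobody", "x"));    // unknown user
  console.log(await timedLogin("alice", "wrong")); // known user, bad password
}
demo().catch(console.error);
```

The padding only equalises what the client can observe from response time; work that exceeds the floor, or side effects visible through other channels, are not covered by it.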
So did you just confirm fixed minimum server reply time is useless based on the fact that there is always random noise since internet is an inconsistent network?
consider this example:
Imagine you're trying to hide a whisper in a room:
Now:
P.S.: I got this example from ChatGPT 🤣
I see the point and yes, in theory this can be done.
The topic is interesting.
However I just need to PING google.com
time=31.390 ms
time=25.018 ms
time=28.266 ms
time=24.029 ms
time=27.678 ms
to answer myself this is unusable in RL.
Next time my boss tells me to add this feature, I’ll show him this comment as proof that it’s useless—thanks! 🗿🫡🤣
Maybe you'll save him money.
You're right, I just can’t stop being everyone’s hero.
super helpful breakdown honestly - makes me want to double check my stuff. you ever caught a timing leak in your own code before or did you only learn about it later?
Thanks! Honestly, I just patch what I can and pray to the dev gods no one ever reports a timing attack on my stuff 🗿🤲🏻
Happy to hear you're inspired to change that! :)
Send this post to someone who needs to read this before Monday.