Lỗ hổng thời gian trong hàm memcmp có thể gây ra rò rỉ thông tin bí mật. Sử dụng thư viện Flatline để viết code an toàn và không bị rò rỉ thời gian. #an_toàn_thời_gian #lỗ_hổng_thời_gian #memcmp #Flatline #constant_time #security
https://www.reddit.com/r/programming/comments/1ojs7ve/think_memcmp_is_safe_think_again/
Span<T>.SequenceEquals is faster than memcmp
https://richardcocks.github.io/2025-03-30-FasterThanMemCmp.html
#HackerNews #Span #SequenceEquals #memcmp #performance #optimization #tech #news
I fell into a rabbit hole today on memcmp() timing analysis for a remote service that verifies a MD5 digest... hours later, it's clear that due to compiler optimizations this is _really_ hard to exploit on most 64-bit machines (it can turn into 2^64 brute force in many cases).
Any tips on modern (remote) timing analysis of memcmp() implementations?
Also, Erlang should probably stop using memcmp() for cookie digest verification.
Bypassing Authentication | TechSNAP 62 https://getjupiter.com/videos/watch/03c70df1-210d-4bc0-bca0-6e6d64e59019
