undefined | Better HN

0 pointstptacek13y ago0 comments

You're not an IT guy, but you are a programmer, and you know that leaving a vulnerability in your code, hoping the devops team catches attempts to exploit it, is a fucking retarded idea. I think you're just trolling.

0 comments

CamperBob213y ago

Who said anything about leaving a vulnerability in the code? If your security model depends on a suboptimal implementation of strcmp(), you have bigger problems than timing attacks.

tptacekOP13y ago

I have no idea what you mean by "suboptimal implementation of strcmp".

j / k navigate · click thread line to collapse

0 pointstptacek13y ago0 comments

0 comments

CamperBob213y ago

Who said anything about leaving a vulnerability in the code? If your security model depends on a suboptimal implementation of strcmp(), you have bigger problems than timing attacks.

tptacekOP13y ago

I have no idea what you mean by "suboptimal implementation of strcmp".

j / k navigate · click thread line to collapse