Timing attacks are used to reveal secrets using statistical sampling in large quantities and could in the worst case reveal secret keys.
It would be really awesome to have a test that could be used against OAuthLib's verify_request to ensure it does not introduce variance in execution time between different requests in a way that would allow user enumeration or secret key guessing.
A large bonus if this could easily be imported by developers implementing OAuth providers and run against their setup.
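A sketch of the kind of importable check the issue asks for, added here as an example and not OAuthLib's own code: it times a verification callable on two request classes and compares them with Welch's t-test. The names `timing_t_statistic`, `assert_no_timing_leak`, `simulated` and `early_exit_cost`, the 4.5 threshold and the sample secret are all assumptions; `verify` stands for any callable that wraps the provider's request verification.

```python
import math
import time
from statistics import mean, variance

def timing_t_statistic(verify, request_a, request_b, rounds=2000,
                       timer=time.perf_counter_ns, keep=0.9):
    """Welch's t between durations of verify(request_a) and verify(request_b)."""
    samples = {"a": [], "b": []}
    for _ in range(rounds):
        # Interleave the classes so clock drift and GC pauses hit both alike.
        for label, request in (("a", request_a), ("b", request_b)):
            start = timer()
            verify(request)
            samples[label].append(timer() - start)
    # Crop the slowest runs: scheduler noise rather than the code under test.
    a, b = (sorted(s)[:max(2, int(len(s) * keep))] for s in samples.values())
    diff = mean(a) - mean(b)
    spread = math.sqrt(variance(a) / len(a) + variance(b) / len(b))
    if spread == 0:
        return 0.0 if diff == 0 else math.copysign(math.inf, diff)
    return diff / spread

def assert_no_timing_leak(verify, request_a, request_b, threshold=4.5, **kw):
    """Fail when the two request classes are statistically distinguishable."""
    t = timing_t_statistic(verify, request_a, request_b, **kw)
    assert abs(t) < threshold, f"timing differs between classes (t={t:.1f})"
    return t

SECRET = b"constructed-secret"  # constructed sample, not a real credential

def simulated(cost):
    """Constructed stand-in: returns (verify, timer) sharing a simulated clock."""
    state = {"now": 0, "calls": 0}
    def verify(request):
        state["now"] += cost(request) + state["calls"] % 3  # repeatable jitter
        state["calls"] += 1
    return verify, lambda: state["now"]

def early_exit_cost(supplied):
    """Work done by a comparison that stops at the first differing byte."""
    pairs = zip(supplied, SECRET)
    return 1 + next((i for i, (x, y) in enumerate(pairs) if x != y), len(SECRET))

if __name__ == "__main__":
    verify, clock = simulated(early_exit_cost)
    print(timing_t_statistic(verify, b"Xonstructed-secret", b"constructed-secreX",
                             rounds=300, timer=clock))
```

Against a real provider, leave `timer` at its default and pass two prepared requests that differ only in the property under test, such as a known versus an unknown client, or a signature that is wrong in its first versus its last byte.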