aboutsummaryrefslogtreecommitdiff
path: root/cmake
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-10-15 10:30:50 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-11-02 11:41:30 +0000
commit912ff6abebe43caf16b3b384c7fde684a3dcb142 (patch)
tree5e85980ffba4412b5ade7641995cc14fb204a7b7 /cmake
parentepee: allow a random component in once_a_time timeouts (diff)
downloadmonero-912ff6abebe43caf16b3b384c7fde684a3dcb142.tar.xz
simplewallet: plug a timing leak
As reported by Tramèr et al, timing of refresh requests can be used to see whether a password was requested (and thus at least one output received) since this will induce a delay in subsequent calls. To avoid this, we schedule calls at a given time instead of sleeping for a set time (which would make delays additive). To further avoid a scheduled call being during the time in which a password is prompted, the actual scheduled time is now randomized.
Diffstat (limited to 'cmake')
0 files changed, 0 insertions, 0 deletions