diff options
author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-10-15 10:30:50 +0000 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-11-02 11:41:30 +0000 |
commit | 912ff6abebe43caf16b3b384c7fde684a3dcb142 (patch) | |
tree | 5e85980ffba4412b5ade7641995cc14fb204a7b7 /cmake | |
parent | epee: allow a random component in once_a_time timeouts (diff) | |
download | monero-912ff6abebe43caf16b3b384c7fde684a3dcb142.tar.xz |
simplewallet: plug a timing leak
As reported by Tramèr et al, timing of refresh requests can be used
to see whether a password was requested (and thus at least one output
received) since this will induce a delay in subsequent calls.
To avoid this, we schedule calls at a given time instead of sleeping
for a set time (which would make delays additive).
To further avoid a scheduled call being during the time in which a
password is prompted, the actual scheduled time is now randomized.
Diffstat (limited to 'cmake')
0 files changed, 0 insertions, 0 deletions