Hacker News new | past | comments | ask | show | jobs | submit login

That's the equivalent of adding jitter to try to foul up a timing attack. It doesn't really work.



Not exactly. A timing attack relies on targeting an ongoing process. If you disclose after the investigation is complete, then there's nothing to attack.

In your analogy, it would be closer to someone logging and then disclosing the fact they had logged in at some point (years) in the future.

(FWIW, I am not a security researcher, but I've heard about how these things work. Would love to be corrected if wrong. :) )


Considering there are people sitting in Guantanamo and elsewhere who haven't been charged with a crime, "after the investigation is complete" could be decades.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: