openrat-cms

commit 27a1aa4601b41ff942e3d54071dede78513f71ba
parent 168c493b350b1f863f4e753267411fe6b1e6b44c
Author: Jan Dankert <devnull@localhost>
Date:   Tue,  7 Nov 2017 23:23:42 +0100

Time delay on login in the nanosecond range. This is intended to make timing attacks even harder.

Diffstat:
util/Password.class.php | 4++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/Password.class.php b/util/Password.class.php @@ -207,11 +207,11 @@ class Password /** * Cryptographic delay of execution. - * Delay is from 0 to 983 milliseconds, Steps of 15 microseconds, which would be very heavy to attack over a network. + * Delay is from 0 to 168 milliseconds, Steps of 10 nanoseconds(!), which would be very heavy to attack over a network. */ static public function delay() { - time_nanosleep(0, Password::randomNumber(2)*15*1000); // delay: 0-983 ms + time_nanosleep(0, Password::randomNumber(3)*10); // delay: 0-167772150ns (= 0-~168ms) } } ?> \ No newline at end of file
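Review bot: In the docblock and the inline comment of delay(), "Steps of 10 nanoseconds(!)" describes the value requested, not the delay that actually occurs: time_nanosleep() is bound by the operating system's timer and scheduler granularity, so the effective step is much coarser than 10 ns. Consider documenting only the requested range (0 to 167772150 ns) and dropping the step claim. The upper bound also drops from 983 ms to 168 ms, which narrows the random jitter. Because a random delay only adds noise that averages out over repeated measurements, the docblock should say that delay() is a supplementary measure and that the credential check itself needs a constant-time comparison such as hash_equals(). The return value of time_nanosleep() is ignored as well, so an interrupted or failed sleep goes unnoticed.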