commit 27a1aa4601b41ff942e3d54071dede78513f71ba
parent 168c493b350b1f863f4e753267411fe6b1e6b44c
Author: Jan Dankert <devnull@localhost>
Date: Tue, 7 Nov 2017 23:23:42 +0100
Zeitverzögerung beim Login im Nanosekunden-Bereich. Dies soll Timing-Attacken zusätzlich erschweren.
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/util/Password.class.php b/util/Password.class.php
@@ -207,11 +207,11 @@ class Password
/**
* Cryptographic delay of execution.
- * Delay is from 0 to 983 milliseconds, Steps of 15 microseconds, which would be very heavy to attack over a network.
+ * Delay is from 0 to 168 milliseconds, Steps of 10 nanoseconds(!), which would be very heavy to attack over a network.
*/
static public function delay()
{
- time_nanosleep(0, Password::randomNumber(2)*15*1000); // delay: 0-983 ms
+ time_nanosleep(0, Password::randomNumber(3)*10); // delay: 0-167772150ns (= 0-~168ms)
}
}
?>
\ No newline at end of file
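Review bot: The docblock on `delay()` overstates what the new `time_nanosleep()` line provides: a uniformly random sleep is noise that can be averaged out over repeated login attempts, and the OS timer resolution is normally much coarser than the requested 10 ns step. I would reword the comment along the lines of `Random delay of 0 to ~168 ms (requested in 10 ns steps; effective resolution depends on the OS timer). Jitter only; does not replace a constant-time comparison.` The password comparison itself is outside this hunk; if it does not already use `hash_equals()`, that is where the data-dependent timing difference should be removed. Lowering the upper bound from ~983 ms to ~168 ms also reduces whatever throttling the old delay gave against repeated guesses, so attempt limiting should not depend on this function.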