Observable Timing Discrepancy (Timing Attack)

        return digestHexCache;
    }

    public boolean digestEquals(byte[] otherDigest) {
        return Arrays.equals(digest, otherDigest);

An attacker can guess the secret value of digest because it is compared using java.util.Arrays.equals, which is vulnerable to timing attacks. Use java.security.MessageDigest.isEqual to compare values securely.
line:154
/core/java/src/org/minidns/record/DelegatingDnssecRR.java#L154)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Observable Timing Discrepancy (Timing Attack) #65

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development