View Single Post
  #4  
Old 05-03-2021, 08:21
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 619
Rept. Given: 17
Rept. Rcvd 41 Times in 25 Posts
Thanks Given: 566
Thanks Rcvd at 927 Times in 423 Posts
chants Reputation: 41
Performance often comes at the cost of providing side channels and security headaches.

Even when it's a bad password, if you return the result in a consistent amount of time based on how many characters are wrong, its trivial to get the password.

How about having dedicated cores for privileged and unpriviledged code, it comes with a cost for sure, hard to imagine an easy solutions to these issues though.
Reply With Quote