This particularly one hasn't been demonstrated to be exploitable, however this precise pattern has: http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/
If someone more familiar with this bit of code and the implications can weigh in and says it's fine, I'm happy to just send up a CR for this.
This particularly one hasn't been demonstrated to be exploitable, however this precise pattern has: http:// rdist.root. org/2009/ 05/28/timing- attack- in-google- keyczar- library/
If someone more familiar with this bit of code and the implications can weigh in and says it's fine, I'm happy to just send up a CR for this.