top | item 39170365

(no title)

thulle | 2 years ago

> It is perfectly good enough for the error code enumeration to be statically randomized into hard coded constants.

A comment points out that they aren't randomized:

> The values used were chosen such that it takes a large number of bit flips to change from allowed to denied. Using random values doesn't really protect against this attack.

discuss

No comments yet.