You wanna hand over your paycheck now, or later? :-)
I know someone with a functional white-hat timing attack script sitting on their laptop. They've been honing the statistical analysis to get the number of data points needed down to a less noticeable size, but the technique can already be successfully applied. To your latter point, you can run a timing attack as slowly as you like, and a lot of sites have very poor monitoring for things like 404s. A month or more of patient low-level attacking to gain access to a prime target is well worth it. The point being that we all ought to take timing attacks seriously. They're not nearly as unrealistic as people think. All the best, - Gabriel -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
