
Length hiding was shown to be ineffective in the article (by adding random noise). Perhaps a fixed length response would work better, or perhaps one that is heavily quantized? Really, production environments are not the place to try un-vetted academic crypto research.
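An added illustration of the two padding ideas in the comment above (not code from the article or from the commenter): a simulation with constructed lengths, assuming a correct guess makes the compressed response one byte shorter. It shows that random padding averages out over many responses, while quantized padding hides the difference except when the two lengths fall on either side of a bucket edge.

```python
import random
import statistics

# Constructed values: compressed body lengths for a wrong and a right guess.
LEN_MISS, LEN_HIT = 1001, 1000


def pad_random(length, max_pad, rng):
    """Length hiding by appending 0..max_pad random bytes."""
    return length + rng.randint(0, max_pad)


def pad_quantized(length, block):
    """Length hiding by rounding up to the next multiple of block."""
    return -(-length // block) * block


def mean_gap_random(len_a, len_b, max_pad, samples, seed=1):
    """Average observed length difference under random padding."""
    rng = random.Random(seed)
    mean_a = statistics.fmean(
        pad_random(len_a, max_pad, rng) for _ in range(samples))
    mean_b = statistics.fmean(
        pad_random(len_b, max_pad, rng) for _ in range(samples))
    return mean_a - mean_b


def gap_quantized(len_a, len_b, block):
    """Observed length difference after rounding both up to a bucket."""
    return pad_quantized(len_a, block) - pad_quantized(len_b, block)


if __name__ == "__main__":
    # Random noise: the 1-byte signal survives in the mean.
    print("random padding, mean gap:",
          round(mean_gap_random(LEN_MISS, LEN_HIT, 32, 200_000), 3))
    # Quantized: same bucket, so the two responses look identical.
    print("quantized, mid-bucket gap:", gap_quantized(LEN_MISS, LEN_HIT, 64))
    # Quantized: lengths straddling a bucket edge still differ.
    print("quantized, edge gap:", gap_quantized(1025, 1024, 64))
```
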


> Really, production environments are not the place to try un-vetted academic crypto research.

A very salient piece of cautionary advice. Disable gzip to protect prod. Figure out what to do to allow compression off prod, and engage the devs of your stack/framework to do this correctly.



