1 comment

[ 3.0 ms ] story [ 17.4 ms ] thread
It's not the correct way to compare passwords anyway, since people can do timing attacks on any kind of direct string compare.

But this was a really clever exploit this guy found. Not too major, since only C programmers would use strcmp().