Wow, there are some fantastically stubborn, yet civil minds in that thread. I li... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		callahad on July 16, 2010 \| parent \| context \| favorite \| on: Password crack [affecting OAuth and OpenID] could ... Wow, there are some fantastically stubborn, yet civil minds in that thread. I like Nate's reference to writing a blog post "to help people skip the standard progression of awareness to timing attacks." "Standard progression of awareness" is a wonderful term.

blasdel on July 16, 2010 | [–]

The reply in question: http://lists.openid.net/pipermail/openid-security/2010-July/...

brown9-2 on July 17, 2010 | [–]

Seriously. Kudos to Nate Lawson for being so patient in explaining the vulnerability he found in the developer's code to the developers themselves.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact