[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Public WebGL] CORS and resource provider awareness

I don't think restrictions on control flow constructs are a reliable way to prevent timing attacks.

Proof attack without control flow constructs in the shader: http://codeflow.org/issues/timing-attack/vs-tex.html
Working principle: A quad is overdrawn on a canvas 128x and the quad size depends on the texel value fetched from texture.