W3C home > Mailing lists > Public > www-style@w3.org > October 2011

[css-shaders] security - timing attacks

From: Gregg Tavares (wrk) <gman@google.com>
Date: Tue, 18 Oct 2011 10:11:31 -0700
Message-ID: <CAKZ+BNpcDpRoqMpzTYS1aFa8YbbM2EQ9-_Ui4hyQBoFUfNj71w@mail.gmail.com>
To: www-style list <www-style@w3.org>
Don't CSS shaders end up exposing the same timing attacks for reading images
that WebGL used to before CORS support was added?

Basically, build a shader that takes more time depending on the pixels. Use
requestAnimationFrame to time how long compositing took, adjust until you
overflow a frame. You can now read pixels.
Received on Tuesday, 18 October 2011 17:11:55 UTC

This archive was generated by hypermail 2.3.1 : Monday, 2 May 2016 14:38:51 UTC