W3C home > Mailing lists > Public > www-style@w3.org > October 2011

Re: [css-shaders] security - timing attacks

From: Dean Jackson <dino@apple.com>
Date: Thu, 20 Oct 2011 11:24:42 -0700
Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, "Gregg Tavares (wrk)" <gman@google.com>, www-style list <www-style@w3.org>
Message-id: <EEEB847E-F2C0-4528-9ADA-2768DF335082@apple.com>
To: Chris Marrin <cmarrin@apple.com>

On 20/10/2011, at 10:22 AM, Chris Marrin wrote:

> The difference between the timing attacks that have been shown for WebGL and 2D Canvas is that you're actually making a drawing call and you can time that. CSS renders with the rest of the page, so the time it takes a particular filter to run is hidden in the rest of the page rendering. 

Also, Safari on iOS and OS X doesn't necessarily render everything between calls to requestAnimationFrame. Sometimes rendering happens in the background on another thread.

Dean
Received on Thursday, 20 October 2011 18:25:11 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 17:20:45 GMT