- From: Smith, Kevin, (R&D) Vodafone Group <Kevin.Smith@vodafone.com>
- Date: Thu, 7 Jan 2016 11:53:07 +0000
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
> I wouldn't prepare for the apocalypse over this.

I'll turn the kettle off then :)

> It reveals the length of fields that are unknown in the presence of known or predictable information. It doesn't actually reveal the bytes, just the length. Then they are left with the actually hard problem of extracting the actual value of the characters.

Would knowing which passwords are feasible to brute-force due to short length be an advantage to an attacker though...?

Cheers,
Kevin
Received on Thursday, 7 January 2016 12:26:05 UTC