Comments by "disgruntledtoons" (@disgruntledtoons) on "researchers find unfixable bug in apple computers" video.

  1. So for password hash checks, have a pass/fail flag, and a dummy flag, and set them both to true. Loop through the entire hash, checking it against the has of whatever was entered. For each match, clear the dummy, and for any mismatch clear the pass/fail flag. Code these two paths so that they take the exact same amount of time. Always check the entire hash, even if the first character of the hash fails the check. Return the pass/fail flag. The result is that password checks always take the same amount of time, no matter how closely or badly the password matches.
    1