Is using `crypt` in PostgreSQL for password comparison secure against timing attacks?

I’m currently using PostgreSQL with the pgcrypto extension to store and verify user passwords. When a user logs in, I compare the entered password with the stored hash using the following query:
SELECT id FROM users
WHERE email = ‘example… Continue reading Is using `crypt` in PostgreSQL for password comparison secure against timing attacks?

How can a timing/cache side-channel attack be performed? How can attack know the time of which certain instructions are performed by the victim?

About timing my question is:
How can attack know the time of which certain instructions are performed by the victim?
And about the cache, how can attacker know which cache line is being accessed by the victim? Is this doable in "norma… Continue reading How can a timing/cache side-channel attack be performed? How can attack know the time of which certain instructions are performed by the victim?

What optimization can be made for nanosecond IO and CPU stability when performing a timing attack?

I’m using Rust to create a program to attempt a timing attack on a network resource (a printer I lost a password to). I’m wired directly into it. What Linux environmental constraints can I optimize to minimize noise and variability?
Curren… Continue reading What optimization can be made for nanosecond IO and CPU stability when performing a timing attack?