>> What I could imagine, however, is to add some random fuzz so that
>> the rendering time varies by an additional value N (with N to be
>> set by the library user). I can imagine that this would
>> sufficiently reduce the repeatability, making it much harder to
>> execute the attack as described in your paper.
>
> I don't think that belongs in FreeType.
Maybe, yes. The suggestion to load the script's Unicode block as a
whole in advance sounds like a good suggestion – for passwords and the
like you only need a single font at a single size, so this should be
manageable. For CJK scripts and the like, the number of available
glyphs probably prevents easy password recognition anyway, I think.
Werner
_______________________________________________
Freetype-devel mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/freetype-devel
