Open Problem: Side Channel Attacks on Encoding Functions
Encoding functions like bin2hex() and base64_encode() are very common in web applications. PHP does not implement these functions in constant time. Question: Can the timing/cache differences be used to compromise privacy in web applications? Also, how can one safely encode a binary string to base64 or hex in PHP?
(This page is mostly a placeholder for some research I'm going to do if I have time, but please feel free to answer the questions if you can!)
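One approach to the second question, as an added example that is not code from this page or from PHP itself: hex and base64 encoders that derive each output character by arithmetic, with no alphabet-table lookup or branch keyed on the data. The `ct_*` names are hypothetical, and this removes secret-dependent lookups and branches only at the PHP source level; whether the interpreter and CPU then run in constant time is not established here.

```php
<?php
// Added example; the ct_* names are hypothetical, not PHP built-ins.
// Nibble (0..15) -> ASCII code of 0-9a-f using arithmetic only.
function ct_hex_code(int $n): int
{
    // ($n - 10) >> 8 is -1 for $n < 10, else 0, so 39 is subtracted only
    // for digits: 48 + n ('0'..'9'); otherwise 87 + n ('a'..'f').
    return 87 + $n + ((($n - 10) >> 8) & ~38);
}
function ct_bin2hex(string $bin): string
{
    $out = '';
    // Assumption: unpack()/pack() are used instead of $bin[$i] and chr() to
    // avoid per-character string lookups keyed on the data.
    foreach (unpack('C*', $bin) ?: [] as $b) {
        $out .= pack('CC', ct_hex_code($b >> 4), ct_hex_code($b & 0x0f));
    }
    return $out;
}
// 6-bit value (0..63) -> ASCII code in the standard base64 alphabet.
function ct_b64_code(int $s): int
{
    $d = 0x41;                    // base offset: 0..25 -> 'A'..'Z'
    $d += ((25 - $s) >> 8) & 6;   // s > 25: 'a'..'z'
    $d -= ((51 - $s) >> 8) & 75;  // s > 51: '0'..'9'
    $d -= ((61 - $s) >> 8) & 15;  // s > 61: '+'
    $d += ((62 - $s) >> 8) & 3;   // s > 62: '/'
    return $s + $d;
}
function ct_base64_encode(string $bin): string
{
    $b = array_values(unpack('C*', $bin) ?: []);
    $out = '';
    // Padding branches depend only on the input length, not on its bytes.
    for ($i = 0, $len = count($b); $i < $len; $i += 3) {
        $b1 = $b[$i + 1] ?? 0;
        $b2 = $b[$i + 2] ?? 0;
        $c2 = $i + 1 < $len ? ct_b64_code((($b1 << 2) | ($b2 >> 6)) & 63) : 0x3d;
        $c3 = $i + 2 < $len ? ct_b64_code($b2 & 63) : 0x3d;
        $out .= pack('CCCC', ct_b64_code($b[$i] >> 2),
            ct_b64_code((($b[$i] << 4) | ($b1 >> 4)) & 63), $c2, $c3);
    }
    return $out;
}
// Self-check against the built-ins on constructed inputs.
foreach (['', 'f', 'fo', 'foo', "\x00\xff\x10\x7f\xfb\xef"] as $s) {
    if (ct_bin2hex($s) !== bin2hex($s) || ct_base64_encode($s) !== base64_encode($s)) {
        throw new RuntimeException('encoder mismatch');
    }
}
```

The output length and padding still reveal the input length, which these encoders do not try to hide.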