[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH mediagoblin 0/1] Replace Authentication Hash Comparison Code to U
From: |
~andrew-dudash |
Subject: |
[PATCH mediagoblin 0/1] Replace Authentication Hash Comparison Code to Use a Constant Time String Comparison |
Date: |
Sat, 15 Apr 2023 01:43:31 +0000 |
Currently the password hash comparison code uses a random delay, but I
always thought constant time string comparison was best practice.
I was going to ask about it, but I thought it would be better to make a
patch than bike shed. :)
Drew (1):
Replace authentication hash comparison code to use a constant time
string comparison. Docker debian 11 tests are passing.
mediagoblin/plugins/basic_auth/tools.py | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
--
2.38.4
- [PATCH mediagoblin 0/1] Replace Authentication Hash Comparison Code to Use a Constant Time String Comparison,
~andrew-dudash <=