[PATCH mediagoblin 0/1] Replace Authentication Hash Comparison Code to U

mediagoblin-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH mediagoblin 0/1] Replace Authentication Hash Comparison Code to U

From:	~andrew-dudash
Subject:	[PATCH mediagoblin 0/1] Replace Authentication Hash Comparison Code to Use a Constant Time String Comparison
Date:	Sat, 15 Apr 2023 01:43:31 +0000

Currently the password hash comparison code uses a random delay, but I
always thought constant time string comparison was best practice.

I was going to ask about it, but I thought it would be better to make a
patch than bike shed. :)

Drew (1):
  Replace authentication hash comparison code to use a constant time
    string comparison. Docker debian 11 tests are passing.

 mediagoblin/plugins/basic_auth/tools.py | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

-- 
2.38.4

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH mediagoblin 0/1] Replace Authentication Hash Comparison Code to Use a Constant Time String Comparison, ~andrew-dudash <=
- [PATCH mediagoblin 1/1] Replace authentication hash comparison code to use a constant time string comparison. Docker debian 11 tests are passing., ~andrew-dudash, 2023/04/14

Prev by Date: [PATCH mediagoblin 1/1] Replace authentication hash comparison code to use a constant time string comparison. Docker debian 11 tests are passing.
Previous by thread: MediaGoblin 0.12.1 released
Next by thread: [PATCH mediagoblin 1/1] Replace authentication hash comparison code to use a constant time string comparison. Docker debian 11 tests are passing.
Index(es):
- Date
- Thread