PHPGangsta / GoogleAuthenticator

PHP class to generate and verify Google Authenticator 2-factor authentication
http://phpgangsta.de/4376
BSD 2-Clause "Simplified" License
2.26k stars 699 forks

Avoid timing attacks and fix #24 #25

Closed leandro-lugaresi closed 8 years ago

leandro-lugaresi commented 9 years ago

Timing attacks can be used to improve a brute-force attack. More info can be found here:
http://blog.ircmaxell.com/2014/11/its-all-about-time.html
http://sakurity.com/blog/2015/07/18/2fa.html

This comparison will also avoid the problem of leading zeros (#24) :)
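A sketch of the kind of comparison the description above refers to, added here as an illustration and not taken from this pull request or the project's code. The function names `timingSafeEquals` and `verifySubmittedCode` and the sample codes are hypothetical; it assumes the expected codes are available as fixed-length digit strings.

```php
<?php
// Added example: not the project's code. Names and sample values are hypothetical.

/**
 * Compare two strings without leaking the position of the first mismatch.
 * Uses hash_equals() (PHP >= 5.6) when present, else an XOR-accumulate loop.
 */
function timingSafeEquals($known, $user)
{
    if (function_exists('hash_equals')) {
        return hash_equals($known, $user);
    }
    $len = strlen($known);
    if ($len !== strlen($user)) {
        return false; // the length of a fixed-length code is not secret
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]); // no early exit on mismatch
    }
    return $diff === 0;
}

/**
 * Check a submitted code against the expected code of each accepted time slice.
 * $expectedCodes stands in for the output of a TOTP generator (assumption).
 */
function verifySubmittedCode(array $expectedCodes, $submitted, $digits = 6)
{
    // Treat the code as a string of exactly $digits digits, never as a number,
    // so a leading zero is part of the value being compared.
    if (!is_string($submitted) || strlen($submitted) !== $digits || !ctype_digit($submitted)) {
        return false;
    }
    $ok = false;
    foreach ($expectedCodes as $expected) {
        // Compare against every slice so timing does not show which one matched.
        $ok = timingSafeEquals((string) $expected, $submitted) || $ok;
    }
    return $ok;
}

// Constructed sample codes for two adjacent time slices.
$expected = array('012345', '987654');
var_dump(verifySubmittedCode($expected, '012345')); // full code, leading zero kept
var_dump(verifySubmittedCode($expected, '12345'));  // same digits, zero dropped
var_dump('012345' == '12345'); // loose ==, which compares numeric strings as numbers
```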

esolitos commented 9 years ago

I reviewed the code and it looks fine to me!

Conver commented 8 years ago

+1

renini commented 8 years ago

:+1: merge?