search

brianloveswords / python-jws

python implementation of JSON Web Signatures
57 stars 35 forks source link

HS algo verification should use constant time comparison #17

Closed davedoesdev closed 7 years ago

davedoesdev commented 9 years ago

https://github.com/brianloveswords/python-jws/blob/master/jws/algos.py#L38

To prevent timing attacks.

davedoesdev commented 8 years ago

@brianloveswords it looks like you did this, right?