Open cjpatton opened 1 year ago
When validating a bearer token we use a constant-time comparison algorithm in order to avoid leaking bits of the bearer token via a side channel: https://github.com/cloudflare/daphne/blob/main/daphne/src/messages/mod.rs#L1184
We should replace this with the implementation in the subtle crate, since the code is delicate and easy to get wrong.
subtle
While at it, address this: https://github.com/cloudflare/daphne/pull/473/files#diff-6660c5f7b70da1bf7dd0a22e00b5ee3191e693b9cef73a0fb5aeb31ae514f28cR59
cjpatton
commented
6 months ago cjpatton
commented
6 months ago
When validating a bearer token we use a constant-time comparison algorithm in order to avoid leaking bits of the bearer token via a side channel: https://github.com/cloudflare/daphne/blob/main/daphne/src/messages/mod.rs#L1184
We should replace this with the implementation in the
subtlecrate, since the code is delicate and easy to get wrong.