Closed eproxus closed 1 year ago
At the time we were working on this there were some heated arguments (in https://github.com/erlang/otp/pull/2749 and https://github.com/erlang/otp/pull/4750) about this function. We neglected to update the document with the final name. Thanks for the heads-up, I proposed a fix.
The page https://github.com/erlef/security-wg/blob/master/docs/secure_coding_and_deployment_hardening/timing_attacks.md describes a function
crypto:equal_const_time/2
which is not documented. It seems an official API has been added in https://github.com/erlang/otp/pull/4750 calledcrypto:hash_equals/2
which should probably be recommended instead?