Closed milgner closed 2 years ago
All credit goes to @phlay for pointing this out.
Using regular comparison on the byte slice will abort as soon as the first byte doesn't match. This could open up the system to timing attacks on the verification. Using openssl::memcmp::eq, the comparison runs in constant-time.
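The timing difference described in this pull request, shown as an added example that is not part of the pull request or the project's code. The function names are hypothetical, the tag bytes are constructed, the count of bytes examined stands in for elapsed time, and `constant_time_eq` is a pure-Rust stand-in for `openssl::memcmp::eq` so the block builds without the crate.

```rust
// Added illustration; function names are hypothetical, tag bytes are constructed.

/// Models an ordinary byte-slice comparison: stops at the first mismatch.
/// Returns (equal, bytes_examined); the count stands in for elapsed time.
fn early_exit_eq(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() {
        return (false, 0);
    }
    for (i, (x, y)) in a.iter().zip(b).enumerate() {
        if x != y {
            return (false, i + 1); // work done reveals the matching prefix length
        }
    }
    (true, a.len())
}

/// Constant-time style comparison: every byte is visited and the differences
/// are OR-ed together, so the work does not depend on where the mismatch is.
/// Stand-in for openssl::memcmp::eq (assumption: used here only to avoid the crate).
fn constant_time_eq(a: &[u8], b: &[u8]) -> (bool, usize) {
    // The length of a fixed-size tag is not secret. openssl::memcmp::eq panics
    // on unequal lengths, so a caller needs a check like this one first.
    if a.len() != b.len() {
        return (false, 0);
    }
    let mut diff = 0u8;
    let mut examined = 0usize;
    for (x, y) in a.iter().zip(b) {
        diff |= x ^ y;
        examined += 1;
    }
    // black_box discourages the optimizer from reintroducing an early exit.
    (std::hint::black_box(diff) == 0, examined)
}

fn main() {
    let expected = [0x3au8, 0x91, 0x5c, 0x07, 0xee, 0x42, 0x18, 0xb0]; // constructed tag
    let mut wrong_first = expected;
    wrong_first[0] ^= 0xff;
    let mut wrong_last = expected;
    wrong_last[7] ^= 0xff;
    for (name, c) in [("first byte wrong", wrong_first), ("last byte wrong", wrong_last)] {
        println!("{}: early-exit {:?}, constant-time {:?}",
                 name, early_exit_eq(&expected, &c), constant_time_eq(&expected, &c));
    }
}
```

The hand-written fold only illustrates the idea; in the verification path itself, a vetted primitive such as `openssl::memcmp::eq` is the right choice.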