Open aure994 opened 9 months ago
A constant-time HMAC equality check is a best practice to avoid potential timing attacks. It seems that Arrays.equals does not work in constant time. I think MessageDigest.isEqual is more appropriate in this case.
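The change suggested in this issue, as an added example that is not part of the original post or the project's code: the same HMAC-SHA256 verification written with `Arrays.equals` and with `MessageDigest.isEqual`. The class name, method names, key and message are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;

// Hypothetical class, not taken from the project discussed in the issue.
public class HmacVerifyExample {

    // Computes the expected HMAC-SHA256 tag for a message.
    static byte[] hmacSha256(byte[] key, byte[] message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(message);
    }

    // Before: Arrays.equals gives no constant-time guarantee and may return at
    // the first differing byte, so timing can depend on the matching prefix.
    static boolean verifyWithArraysEquals(byte[] key, byte[] message, byte[] suppliedTag)
            throws GeneralSecurityException {
        return Arrays.equals(hmacSha256(key, message), suppliedTag);
    }

    // After: MessageDigest.isEqual examines every byte of the expected tag, so
    // its timing does not depend on where the two arrays differ.
    static boolean verifyConstantTime(byte[] key, byte[] message, byte[] suppliedTag)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(hmacSha256(key, message), suppliedTag);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample inputs.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] message = "amount=100&to=alice".getBytes(StandardCharsets.UTF_8);

        byte[] validTag = hmacSha256(key, message);
        byte[] forgedTag = validTag.clone();
        forgedTag[forgedTag.length - 1] ^= 0x01; // differs only in the last byte

        // Both methods return the same result; only their timing behaviour differs.
        System.out.println("Arrays.equals, valid tag:   " + verifyWithArraysEquals(key, message, validTag));
        System.out.println("Arrays.equals, forged tag:  " + verifyWithArraysEquals(key, message, forgedTag));
        System.out.println("isEqual, valid tag:         " + verifyConstantTime(key, message, validTag));
        System.out.println("isEqual, forged tag:        " + verifyConstantTime(key, message, forgedTag));
    }
}
```

Because the two comparisons agree on every input, functional tests cannot tell them apart; a code review or static-analysis rule that flags `Arrays.equals` on MAC or digest values is the practical way to catch the weaker form.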