Timing safe string compare function #778

Closed

Commits on Feb 6, 2020

  1. Timing safe string compare function

    The implementation for `CompareStrings` function initially used strcmp,
    which is not timing safe, i.e. it breaks at the first non-equal
    character which allows information to be extracted about the prefix that
    is matching, which is known as the timing attack. To avoid that, we use
    the modified `CompareStrings`, that will iterate over all the
    characters until the very end of the supplied password only. So, in this
    way all operations will happen exactly the length of supplied string s1
    times.
    Prateek Nischal authored and Prateek Nischal committed Feb 6, 2020
    d106e8f
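
The difference the commit message describes, as an added example that is not the code from this pull request: an early-exit comparison next to one whose loop count depends only on the supplied string. The names `early_exit_equal` and `fixed_work_equal`, the step counters and the sample secret are hypothetical; the sketch also goes slightly beyond the message by folding the length difference into the result and keeping reads inside the stored string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Early-exit comparison in the style of strcmp. *steps receives the number
 * of character comparisons made, which grows with the matching prefix. */
int early_exit_equal(const char *supplied, const char *secret, size_t *steps)
{
    size_t i = 0;
    *steps = 0;
    for (;;) {
        (*steps)++;
        if (supplied[i] != secret[i])
            return 0;            /* stops at the first mismatch */
        if (supplied[i] == '\0')
            return 1;
        i++;
    }
}

/* Fixed-work comparison: always strlen(supplied) loop iterations. */
int fixed_work_equal(const char *supplied, const char *secret, size_t *steps)
{
    size_t n = strlen(supplied);
    size_t m = strlen(secret);
    size_t diff = n ^ m;         /* a length mismatch can never compare equal */
    for (size_t i = 0; i < n; i++) {
        /* i % (m + 1) keeps the read inside secret (terminator included)
         * when supplied is longer than secret. */
        unsigned char a = (unsigned char)supplied[i];
        unsigned char b = (unsigned char)secret[i % (m + 1)];
        diff |= (size_t)(a ^ b); /* accumulate, no data-dependent branch */
    }
    *steps = n;
    return diff == 0;
}

int main(void)
{
    const char *secret = "s3cret";   /* constructed sample value */
    const char *tries[] = { "xxxxxx", "s3xxxx", "s3crex", "s3cret", "s3c" };
    size_t e, f;
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++) {
        int r1 = early_exit_equal(tries[i], secret, &e);
        int r2 = fixed_work_equal(tries[i], secret, &f);
        printf("%-6s early=%d/%zu steps fixed=%d/%zu steps\n", tries[i], r1, e, r2, f);
    }
    return 0;
}
```

`strlen(secret)` and the modulo still depend on the stored string's length, so this hides how much of the prefix matched, not the length itself.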