• David Sinquin's avatar
    login handler: Use constant-time comparaison for hashes. · ca08234a
    David Sinquin authored
    An attacker knowing the salt but not the hash could try timming-attacks
    to guess a password hash and then try to find it from the hash.
    Although not a high risk, there is no good reason not to use a
    constant-time comparison, hence this commit.
    ca08234a
login.py 7.59 KB