• David Sinquin's avatar
    login handler: Use constant-time comparaison for hashes. · ca08234a
    David Sinquin authored
    An attacker knowing the salt but not the hash could try timming-attacks
    to guess a password hash and then try to find it from the hash.
    Although not a high risk, there is no good reason not to use a
    constant-time comparison, hence this commit.
    ca08234a
Name
Last commit
Last update
api Loading commit data...
cotisations Loading commit data...
docs_utils Loading commit data...
freeradius_utils Loading commit data...
install_utils Loading commit data...
logs Loading commit data...
machines Loading commit data...
preferences Loading commit data...
re2o Loading commit data...
search Loading commit data...
static Loading commit data...
templates Loading commit data...
test_utils Loading commit data...
topologie Loading commit data...
users Loading commit data...
.gitignore Loading commit data...
.gitlab-ci.yml Loading commit data...
CHANGELOG.md Loading commit data...
LICENSE Loading commit data...
README.md Loading commit data...
apt_requirements.txt Loading commit data...
install_re2o.sh Loading commit data...
manage.py Loading commit data...
pip_dev_requirements.txt Loading commit data...
pip_requirements.txt Loading commit data...