• David Sinquin's avatar
    login handler: Use constant-time comparaison for hashes. · ca08234a
    David Sinquin authored
    An attacker knowing the salt but not the hash could try timming-attacks
    to guess a password hash and then try to find it from the hash.
    Although not a high risk, there is no good reason not to use a
    constant-time comparison, hence this commit.
    ca08234a
Name
Last commit
Last update
..
locale/fr/LC_MESSAGES Loading commit data...
management Loading commit data...
templates/re2o Loading commit data...
templatetags Loading commit data...
__init__.py Loading commit data...
acl.py Loading commit data...
aes_field.py Loading commit data...
context_processors.py Loading commit data...
contributors.py Loading commit data...
field_permissions.py Loading commit data...
login.py Loading commit data...
middleware.py Loading commit data...
mixins.py Loading commit data...
script_utils.py Loading commit data...
settings.py Loading commit data...
settings_local.example.py Loading commit data...
urls.py Loading commit data...
utils.py Loading commit data...
views.py Loading commit data...
wsgi.py Loading commit data...