hydra

History

Graham Christensen 29620df85e Passwords: check in constant time The default password comparison logic does not use constant time validation. Switching to constant time offers a meager improvement by removing a timing oracle. A prepatory step in moving to Argon2id password storage, since we'll need this change anyway after for validating existing passwords. Co-authored-by: Graham Christensen <graham@grahamc.com>	2021-04-15 11:34:56 -04:00
..
Users.t	Passwords: check in constant time	2021-04-15 11:34:56 -04:00

Graham Christensen 29620df85e Passwords: check in constant time

The default password comparison logic does not use
constant time validation. Switching to constant time
offers a meager improvement by removing a timing
oracle.

A prepatory step in moving to Argon2id password storage, since we'll need this change anyway after
for validating existing passwords.

Co-authored-by: Graham Christensen <graham@grahamc.com>

2021-04-15 11:34:56 -04:00

Users.t

Passwords: check in constant time

2021-04-15 11:34:56 -04:00