forked from lix-project/hydra
29620df85e
The default password comparison logic does not use constant time validation. Switching to constant time offers a meager improvement by removing a timing oracle. A prepatory step in moving to Argon2id password storage, since we'll need this change anyway after for validating existing passwords. Co-authored-by: Graham Christensen <graham@grahamc.com> |
||
---|---|---|
.. | ||
Users.t |