Prevent timing attacks when validating credentials

Review Request #9795 — Created March 16, 2018 and submitted

Barret Rennie
rb-gateway
master
9840
9834
6ce24af...
rb-gateway

We now use constant time comparison to compare the credentials to the
configuration. We also do not short circuit the operation in the case
that the username is incorrect.

Ran unit tests.

Barret Rennie
David Trowbridge
  1. Ship It!

  2. 
      
Barret Rennie
Barret Rennie
Barret Rennie
David Trowbridge
  1. Ship It!
  2. 
      
Barret Rennie
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to master (c5f9103)
Loading...