
Make password comparisons constant-time #2486

Merged (1 commit) on May 22, 2024

@hrxi (Member) commented May 20, 2024

Do that by hashing the passwords using blake2b and then using subtle to do a constant-time comparison.

Fixes #2452.
Fixes #2460.

Requires nimiq/jsonrpc#26.
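
The hash-then-compare approach described in the comment above, as an added example that is not code from this pull request. It uses Python's standard library (`hashlib.blake2b`, `hmac.compare_digest`) in place of the Rust blake2b implementation and the `subtle` crate; the function names and sample values are hypothetical.

```python
import hashlib
import hmac
from typing import Optional


def digest(secret: str) -> bytes:
    """Fixed-length (64-byte) BLAKE2b digest of the UTF-8 encoded secret."""
    return hashlib.blake2b(secret.encode("utf-8")).digest()


def naive_check(supplied: str, expected: str) -> bool:
    # Weak form: == can return at the first differing character (or on a
    # length mismatch), so timing may depend on how much of the input matches.
    return supplied == expected


def constant_time_check(supplied: Optional[str], expected: str) -> bool:
    # A missing credential is hashed like any other value, so the "nothing
    # supplied" path does the same work as a wrong password.
    present = supplied is not None
    supplied_digest = digest(supplied if present else "")
    # Both digests are 64 bytes regardless of input length, and
    # compare_digest has no early exit on the first mismatching byte.
    matches = hmac.compare_digest(supplied_digest, digest(expected))
    return matches and present


# Constructed sample value, not taken from the project.
EXPECTED = "correct horse battery staple"

if __name__ == "__main__":
    for attempt in (EXPECTED, "correct horse", "", None, "pässwörd"):
        print(repr(attempt), constant_time_check(attempt, EXPECTED))
```

Hashing first also sidesteps a Python-specific limit: `hmac.compare_digest` rejects non-ASCII `str` arguments, while the byte digests are always accepted.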

@hrxi hrxi force-pushed the hrxi/constant_time branch 2 times, most recently from 4edf409 to 32bb179, May 20, 2024 14:55
@styppo styppo added this to the Nimiq PoS Mainnet milestone May 20, 2024

@jsdanielh (Member) left a comment

Just a small suggestion. LGTM otherwise

lib/Cargo.toml (outdated, resolved)
Do that by hashing the passwords using blake2b and then using `subtle`
to do a constant-time comparison.

Fixes #2452.
Fixes #2460.
@jsdanielh jsdanielh merged commit a7f9ed7 into albatross May 22, 2024
6 checks passed
@jsdanielh jsdanielh deleted the hrxi/constant_time branch May 22, 2024 11:40