go-srp icon indicating copy to clipboard operation
go-srp copied to clipboard
verified publisher icon Kong

Constant time compare would be safer

Open alokmenghrajani opened this issue 3 years ago • 0 comments

https://github.com/Kong/go-srp/blob/master/server.go#L55 should probably use crypto/subtle's ConstantTimeCompare. I'm guessing leaking timing is not exploitable in most contexts but you never know.

alokmenghrajani avatar Jul 05 '22 08:07 alokmenghrajani