prometheus-plugs hash and constant time equals to prevent timing attacks

hash and constant time equals to prevent timing attacks

Open leishman opened this issue 5 years ago • 0 comments

This change should reasonably prevent timing attacks against http auth in "/metrics" endpoint. The current implementation does nothing to prevent timing attacks against the equality check in valid_basic_credentials?.

Oct 13 '19 01:10 leishman

prometheus-plugs prometheus-plugs copied to clipboard

hash and constant time equals to prevent timing attacks

prometheus-plugs
prometheus-plugs copied to clipboard