Use constant-time comparison for passwords
Description
This pull request addresses a vulnerability in the authentication process where password and hash comparisons might be vulnerable to timing attacks. The standard == operator was replaced with subtle.ConstantTimeCompare to ensure a constant-time comparison of secrets.
The Vulnerability
A plain == on strings or byte slices returns as soon as it finds the first mismatching byte. When comparing password123 with pxssword123, the comparison would stop at the second character. When comparing with password124, it would stop at the last character, so the second comparison takes measurably longer than the first.
An attacker could exploit this behavior by sending slightly different passwords and measuring the server's response time. A longer response time implies that more characters in the supplied password are correct. By iteratively guessing one character at a time, an attacker could potentially reconstruct the entire password without ever knowing it beforehand.
Changes
This PR replaces comparisons with crypto/subtle.ConstantTimeCompare. This function always compares the full length of both byte slices, taking the same amount of time regardless of how many characters are correct.
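To make the difference concrete, here is an added example that is not code from this PR or its repository. It places a naive early-exit comparison (with a counter for how many bytes it examined, the quantity an observer infers from response time) next to the subtle.ConstantTimeCompare pattern this PR adopts. One caveat worth knowing when applying the change: ConstantTimeCompare returns 0 immediately when the two slices differ in length, so the example hashes both sides to a fixed-length SHA-256 digest before comparing; the function names and the sample secret are constructed for this illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// naiveCompare mirrors what a byte-by-byte == comparison does: it returns
// at the first mismatching byte. The second return value counts how many
// bytes were examined, which is exactly what leaks through response time.
// Kept here only to contrast with the fixed version below.
func naiveCompare(stored, supplied []byte) (equal bool, steps int) {
	if len(stored) != len(supplied) {
		return false, 0
	}
	for i := range stored {
		steps++
		if stored[i] != supplied[i] {
			return false, steps // early exit: this is the timing side channel
		}
	}
	return true, steps
}

// constantTimeEqual is the pattern this PR adopts. subtle.ConstantTimeCompare
// runs in time that depends only on the slice length, not on the content, but
// it returns 0 right away when the lengths differ. Reducing both inputs to a
// fixed-length SHA-256 digest first removes that length dependency as well.
func constantTimeEqual(stored, supplied []byte) bool {
	hs := sha256.Sum256(stored)
	hu := sha256.Sum256(supplied)
	return subtle.ConstantTimeCompare(hs[:], hu[:]) == 1
}

func main() {
	stored := []byte("password123") // constructed sample secret, not a real credential
	for _, guess := range []string{"pxssword123", "password124", "password123"} {
		eq, steps := naiveCompare(stored, []byte(guess))
		fmt.Printf("naive    %-12s equal=%-5v bytes examined=%d\n", guess, eq, steps)
		fmt.Printf("constant %-12s equal=%v\n", guess, constantTimeEqual(stored, []byte(guess)))
	}
}
```

Running it shows the naive path examining 2 bytes for pxssword123 but all 11 for password124, while the constant-time path gives no such signal. In real code the stored value should be a password hash produced by a slow KDF, and the constant-time comparison is applied to the hash output; the hashing step in constantTimeEqual is only there to equalize lengths.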