You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 15, 2018. It is now read-only.
Let's inspect our code and ensure that any private key or HMAC comparisons are always constant time comparisons instead of using bytes.Equal which is susceptible to timing/side channel attacks. When cryptographers audit our code, most likely the keen ones will point out the same problem out.
The text was updated successfully, but these errors were encountered:
Fixes#43
Avoid susceptibility to timing/side channel attacks by ensuring
that private key and signature comparisons use
`subtle.ConstantTimeCompare`
instead of
`bytes.Equal`
Let's inspect our code and ensure that any private key or HMAC comparisons are always constant time comparisons instead of using
bytes.Equal
which is susceptible to timing/side channel attacks. When cryptographers audit our code, most likely the keen ones will point out the same problem out.The text was updated successfully, but these errors were encountered: