This repository has been archived by the owner on Jul 15, 2018. It is now read-only.

ensure that private key comparisons are constant time comparisons to avoid timing attacks #43

Closed
odeke-em opened this issue Oct 26, 2017 · 0 comments

Comments

@odeke-em
Contributor

Let's inspect our code and ensure that any private key or HMAC comparisons are always constant time comparisons instead of using `bytes.Equal`, which is susceptible to timing/side channel attacks. When cryptographers audit our code, most likely the keen ones will point the same problem out.

odeke-em added a commit that referenced this issue Oct 26, 2017
Fixes #43

Avoid susceptibility to timing/side channel attacks by ensuring that private key and signature comparisons use `subtle.ConstantTimeCompare` instead of `bytes.Equal`
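
The replacement the issue and commit describe, as an added example that is not code from this repository: `PrivKey`, `Tag` and `VerifyTag` are hypothetical names, and the key bytes are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// PrivKey is a hypothetical fixed-size private key type (assumption).
type PrivKey [32]byte

// EqualsLeaky is the pattern the issue flags: bytes.Equal makes no promise
// that its running time is independent of where the inputs differ.
func (k PrivKey) EqualsLeaky(other PrivKey) bool {
	return bytes.Equal(k[:], other[:])
}

// Equals inspects every byte before answering. ConstantTimeCompare returns 0
// immediately on a length mismatch, so a fixed-size type keeps length out of it.
func (k PrivKey) Equals(other PrivKey) bool {
	return subtle.ConstantTimeCompare(k[:], other[:]) == 1
}

// Tag computes HMAC-SHA256 over msg.
func Tag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// VerifyTag compares MACs with hmac.Equal, the standard library's
// constant-time comparison for MAC values.
func VerifyTag(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

func main() {
	var a, b PrivKey
	copy(a[:], "constructed sample key material!") // constructed, not a real key
	b = a
	b[31] ^= 1 // differ only in the last byte
	fmt.Println("same key:", a.Equals(a), "different key:", a.Equals(b))

	tag := Tag(a[:], []byte("msg"))
	fmt.Println("valid tag:", VerifyTag(a[:], []byte("msg"), tag))
}
```

Both methods return the same boolean for the same inputs; the difference is only in how long the comparison takes, which is why an audit has to look for `bytes.Equal` call sites on secret data rather than for failing tests.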