Skip to content
This repository has been archived by the owner on Jul 15, 2018. It is now read-only.
This repository has been archived by the owner on Jul 15, 2018. It is now read-only.

ensure that private key comparisons are constant time comparisons to avoid timing attacks #43

Closed
Closed
ensure that private key comparisons are constant time comparisons to avoid timing attacks#43
@odeke-em

Description

@odeke-em
odeke-em
opened on Oct 26, 2017

Let's inspect our code and ensure that any private key or HMAC comparisons are always constant time comparisons instead of using bytes.Equal which is susceptible to timing/side channel attacks. When cryptographers audit our code, most likely the keen ones will point out the same problem out.

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions