Avoid timing attacks in AuthTktAuthenticationPolicy #320

Merged
merged 1 commit into from Oct 15, 2011


@rfk

This factors out the timing-invariant string comparison code from
session.py and re-uses it for signature checking in AuthTkt code.

@rfk rfk Avoid timing attacks in AuthTktAuthenticationPolicy
13906d6
@mcdonc mcdonc merged commit d1527f4 into Pylons:master Oct 15, 2011
@mcdonc
Pylons Project member

Thank you!

@biosyssun biosyssun pushed a commit to biosyssun/pyramid that referenced this pull request Dec 13, 2014
@mcdonc mcdonc - The AuthTktAuthenticationPolicy did not use a timing-attack-aware string comparator. See Pylons/pyramid#320 for more info.

References issue#320.
e61ab86
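
For readers of this thread, an added illustration (not code from this pull request or from Pyramid) of why the signature check needs a timing-invariant comparison: it counts how many bytes an early-exit comparison examines versus an invariant one. The function names, the demo secret and the HMAC-SHA256 signing are assumptions made for the example, not the AuthTkt ticket format.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, for illustration only


def sign(payload: bytes) -> bytes:
    """Hex signature over payload (stand-in scheme, not the AuthTkt digest)."""
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()


def early_exit_equal(a: bytes, b: bytes):
    """Naive comparison. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1  # work done grows with the matching prefix
    return True, len(a)


def invariant_equal(a: bytes, b: bytes):
    """Timing-invariant comparison: every byte is examined, no early return."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # accumulate differences without branching on them
    return diff == 0, len(a)


def examined_counts(compare, expected: bytes):
    """Bytes examined for wrong guesses sharing 0, 8 and 32 leading bytes."""
    counts = []
    for n in (0, 8, 32):
        # Keep the first n bytes, flip a bit in every remaining byte.
        guess = expected[:n] + bytes(c ^ 1 for c in expected[n:])
        counts.append(compare(expected, guess)[1])
    return counts


def verify_ticket(payload: bytes, signature: bytes) -> bool:
    """Signature check using the standard library's constant-time compare."""
    return hmac.compare_digest(sign(payload), signature)
```

On current Python versions `hmac.compare_digest` is the maintained way to do this comparison; the hand-written loop is shown only to make the difference in work visible.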