Use timing attack safe string comparison #11096

Merged 1 commit on Aug 25, 2017

ceeram
Contributor

@ceeram ceeram commented Aug 25, 2017

Use timing attack safe string comparison

@ceeram ceeram self-assigned this Aug 25, 2017
@markstory markstory added this to the 3.5.1 milestone Aug 25, 2017
@markstory markstory added the auth label Aug 25, 2017
markstory added a commit to cakephp/authentication that referenced this pull request Aug 25, 2017
Prevent timing attacks by using a constant time comparison.

Port of cakephp/cakephp#11096
@codecov-io

Codecov Report

Merging #11096 into master will increase coverage by 0.05%.
The diff coverage is 100%.

@@             Coverage Diff              @@
##             master   #11096      +/-   ##
============================================
+ Coverage     94.87%   94.92%   +0.05%     
- Complexity    12838    13059     +221     
============================================
  Files           437      437              
  Lines         32732    33060     +328     
============================================
+ Hits          31053    31381     +328     
  Misses         1679     1679

| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| src/Auth/DigestAuthenticate.php | 100% <100%> (ø) | 32 <0> (ø) ⬇️ |
| src/Cache/Engine/FileEngine.php | 88.95% <0%> (-1.11%) | 73% <0%> (ø) |
| src/Http/ActionDispatcher.php | 100% <0%> (ø) | 21% <0%> (+2%) ⬆️ |
| src/Controller/Controller.php | 99.53% <0%> (+0.07%) | 102% <0%> (+25%) ⬆️ |
| src/Http/ServerRequest.php | 99.65% <0%> (+0.16%) | 432% <0%> (+194%) ⬆️ |
| src/Cache/CacheEngine.php | 93.61% <0%> (+4.25%) | 19% <0%> (ø) ⬇️ |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update e64e0a9...bab2dc2.

@lorenzo
Member

lorenzo commented Aug 25, 2017

Thanks!

@lorenzo lorenzo merged commit 8b8a8ba into master Aug 25, 2017
@lorenzo lorenzo deleted the digest-constant-time branch August 25, 2017 08:10
floriankraemer pushed a commit to Phauthentic/authentication that referenced this pull request Mar 15, 2024
Prevent timing attacks by using a constant time comparison.

Port of cakephp/cakephp#11096