Currently, a simple string comparison in the `check` method is used to validate the token. To resist timing attacks, we need to use a constant-time comparison algorithm. Details: https://en.wikipedia.org/wiki/Timing_attack
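As an added example (not code from this project, whose language the issue does not state; Python is assumed), the sketch below contrasts an early-exit comparison with one that touches every byte, and shows a token check built on `hmac.compare_digest`. The function names, including `check_token`, and the token values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Per-process key used only to normalise both inputs to equal-length digests.
_BLIND_KEY = secrets.token_bytes(32)


def early_exit_equal(a: bytes, b: bytes) -> tuple:
    """Naive comparison. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            # Stops at the first mismatch, so the amount of work
            # depends on how long the matching prefix is.
            return False, examined
    return True, examined


def full_scan_equal(a: bytes, b: bytes) -> tuple:
    """XOR-accumulate over every byte. Returns (equal, bytes_examined).

    Illustrates the technique only: pure-Python integer operations are not
    guaranteed constant time, so real code should call hmac.compare_digest.
    """
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y  # no branch on secret data inside the loop
    return diff == 0, examined


def check_token(expected: str, supplied: str) -> bool:
    """Hypothetical replacement for a token check.

    Both values are HMACed first so the compared buffers always have the
    same length, then compared with the standard library's
    timing-safe primitive.
    """
    e = hmac.new(_BLIND_KEY, expected.encode(), hashlib.sha256).digest()
    s = hmac.new(_BLIND_KEY, supplied.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(e, s)
```

The `bytes_examined` count stands in for elapsed time: it varies with the mismatch position in `early_exit_equal` and stays fixed in `full_scan_equal`.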