Fix Remote Timing Attack vulnerability #64

merged 2 commits into from Nov 12, 2013



h0ke commented Feb 11, 2013

The way the SDK compares the signed_request signature with the expected signature is vulnerable to a remote timing attack. For more information, see the following articles.
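
The comparison issue described in the comment above, shown as an added Python example that is not the SDK's code or the patch in this pull request. It assumes a signed_request laid out as a base64url signature, a dot, and a base64url JSON payload, signed with HMAC-SHA256 under the app secret; the function names, the secret and the payload are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(data: str) -> bytes:
    # Segments are base64url without padding, so restore the padding first.
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_signed_request(payload: dict, app_secret: bytes) -> str:
    # Builds a constructed sample token so the example runs offline.
    body = b64url_encode(json.dumps(payload).encode("utf-8"))
    sig = hmac.new(app_secret, body.encode("ascii"), hashlib.sha256).digest()
    return b64url_encode(sig) + "." + body


def parse_signed_request(signed_request: str, app_secret: bytes):
    """Return the payload dict if the signature verifies, otherwise None."""
    try:
        encoded_sig, body = signed_request.split(".", 1)
        sig = b64url_decode(encoded_sig)
        expected = hmac.new(
            app_secret, body.encode("ascii"), hashlib.sha256
        ).digest()
    except ValueError:
        # Missing dot, bad base64 or non-ASCII input: reject before comparing.
        return None

    # Weak form: `if sig != expected` can return at the first differing byte,
    # so the response time depends on how much of the signature matches.
    # hmac.compare_digest runs in time independent of where the bytes differ.
    if not hmac.compare_digest(sig, expected):
        return None

    # The payload is only decoded after the signature has been accepted.
    return json.loads(b64url_decode(body))


if __name__ == "__main__":
    secret = b"constructed-app-secret"  # constructed sample value
    token = make_signed_request({"algorithm": "HMAC-SHA256", "user_id": "1"}, secret)
    print(parse_signed_request(token, secret))
```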


gfosco commented Oct 15, 2013

Sorry it took so long to respond to this. Can you sign the Contributor License Agreement?

Once that's done we can look at merging this. Thanks for your contribution.


h0ke commented Oct 15, 2013

Signed. 👍


gfosco commented Oct 28, 2013

Will get back to you about this soon, hopefully this week. We had discussed internally and want to suggest a few changes.


h0ke commented Oct 28, 2013

Alrighty. 😃


gfosco commented Oct 31, 2013

Can you add a space between the 'if' and the opening parenthesis on line 1024?

depoll pushed a commit that referenced this pull request Nov 12, 2013

David Poll
Merge pull request #64 from h0ke/master
Fix Remote Timing Attack vulnerability

@depoll depoll merged commit 7ea7c6b into facebookarchive:master Nov 12, 2013


depoll commented Nov 12, 2013

Thanks for your contribution!
