Prevent timing attacks to guess Gradio passwords

[abidlabs]

This way we compare passwords is vulnerable to timing attack to guess the password. This PR uses hmac to prevent that, as described here: https://sqreen.github.io/DevelopersSecurityBestPractices/timing-attack/python

[gradio-pr-bot]

🪼 branch checks and previews

•	Name	Status	URL
	Spaces	ready!	Spaces preview
	Website	ready!	Website preview
🦄	Changes	detecting...

---

Install Gradio from this PR

pip install https://gradio-builds.s3.amazonaws.com/6601070af0bc8955e94479ad66aa426ba0215591/gradio-4.19.0-py3-none-any.whl

Install Gradio Python Client from this PR

pip install "gradio-client @ git+https://github.com/gradio-app/gradio@6601070af0bc8955e94479ad66aa426ba0215591#subdirectory=client/python"

[gradio-pr-bot]

🦄 change detected

This Pull Request includes changes to the following packages.

Package	Version
gradio	patch

• Maintainers can select this checkbox to manually select packages to update.

With the following changelog entry.

Prevent timing attacks to guess Gradio passwords

Maintainers or the PR author can modify the PR title to modify this entry.

Something isn't right?

• Maintainers can change the version label to modify the version bump.
• If the bot has failed to detect any changes, or if this pull request needs to update multiple packages to different versions or requires a more comprehensive changelog entry, maintainers can update the changelog file directly.

[freddyaboulton]

I think this only works for ASCII characters. We should convert to bytes first something like input_password.encode("utf-8")

[abidlabs]

Ah nice catch

[abidlabs]

Default encoding is utf-8

[abidlabs]

Done @freddyaboulton if you could take another look!

[freddyaboulton]

Nice and quick fix @abidlabs !