Use subtle crate for constant-time comparison #107
Labels
E-easy
Effort: Should be easy to implement and would make a good first PR
Usual comparison is not safe in cryptography as it is lazy (fail-fast) and makes the code potentially vulnerable to timing attacks: https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html.
Use crates like subtle for constant-time comparison of secret values: https://docs.rs/subtle.

https://github.com/juspay/orca/blob/dff8b22489e36058326bee36b2c91014cdb4c9f2/crates/masking/src/strong_secret.rs#L54-L62
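
Added example, not part of the original issue or the orca code base: an instrumented fail-fast comparison next to a branch-free one, showing that the first does an amount of work that depends on where the secret and the guess diverge. The `SecretBytes` wrapper and both helper functions are hypothetical, the token is a constructed sample, and the std-only XOR/OR fold with `black_box` is a best-effort stand-in for `subtle`'s `ConstantTimeEq::ct_eq`, which is what the issue proposes.

```rust
use std::hint::black_box;

/// Fail-fast comparison, instrumented to report how many bytes it examined.
/// Like the usual `==`, it stops at the first mismatch.
fn fail_fast_eq(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() {
        return (false, 0);
    }
    for (i, (x, y)) in a.iter().zip(b).enumerate() {
        if x != y {
            return (false, i + 1); // work done depends on the secret's content
        }
    }
    (true, a.len())
}

/// Branch-free comparison: XOR each byte pair and OR the results together.
/// Length is treated as public. `black_box` is only an optimizer hint, not a
/// guarantee; production code should use a vetted crate such as `subtle`.
fn ct_eq(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() {
        return (false, 0);
    }
    let (mut diff, mut examined) = (0u8, 0usize);
    for (x, y) in a.iter().zip(b) {
        diff |= black_box(x ^ y); // no early exit, no data-dependent branch
        examined += 1;
    }
    (black_box(diff) == 0, examined)
}

/// Hypothetical secret wrapper whose `==` never short-circuits.
struct SecretBytes(Vec<u8>);

impl PartialEq for SecretBytes {
    fn eq(&self, other: &Self) -> bool {
        ct_eq(&self.0, &other.0).0
    }
}

fn main() {
    let stored: &[u8] = b"constructed-sample-token"; // constructed sample value
    let guesses: [&[u8]; 3] = [b"Xonstructed-sample-token", b"constructed-sample-tokeX", stored];
    for g in guesses {
        println!("fail-fast {:?}  branch-free {:?}", fail_fast_eq(stored, g), ct_eq(stored, g));
    }
    println!("wrapper eq: {}", SecretBytes(stored.to_vec()) == SecretBytes(stored.to_vec()));
}
```

The fail-fast version examines 1 byte for a wrong first byte and 24 for a wrong last byte, while the branch-free version examines all 24 in every case.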