Please sign in to comment.
Fix timing attack vulnerability in ActiveSupport::MessageVerifier.
Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC. Signed-off-by: Michael Koziarski <email@example.com>
- Loading branch information...
Showing with 16 additions and 3 deletions.