Skip to content

Potential Time-based Security Vulnerability #1

Description

@C-Stevens

if not client_proof == valid_proof.digest():

Python docs for hashlib imply vulnerabilities in comparing hashes with the == operator, and instead recommend using a compare_digest() method. In doc context, it is referring to HMAC messages, so it may not apply here but is worth investigating further.

Metadata

Metadata

Assignees

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions