refactor(authentication): use crypto constant time compare (#1800)
* refactor(authentication): use crypto constant time compare. Improve security by using crypto/subtle.ConstantTimeCompare for the hash comparison, so that a mismatch cannot be distinguished by timing. Fixes #1799 * docs: add explicit labels for chat types
This commit is contained in:
parent
5cf11f87c8
commit
c310049faa
|
@ -12,8 +12,8 @@
|
|||
[](https://aur.archlinux.org/packages/authelia-git/)
|
||||
[][Apache 2.0]
|
||||
[](https://opencollective.com/authelia-sponsors)
|
||||
[](https://discord.authelia.com)
|
||||
[](https://riot.im/app/#/room/#authelia:matrix.org)
|
||||
[](https://discord.authelia.com)
|
||||
[](https://riot.im/app/#/room/#authelia:matrix.org)
|
||||
|
||||
**Authelia** is an open-source authentication and authorization server
|
||||
providing 2-factor authentication and single sign-on (SSO) for your
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package authentication
|
||||
|
||||
import (
|
||||
"crypto/subtle"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strconv"
|
||||
|
@ -151,7 +152,7 @@ func CheckPassword(password, hash string) (ok bool, err error) {
|
|||
return false, err
|
||||
}
|
||||
|
||||
return passwordHash.Key == expectedHash.Key, nil
|
||||
return subtle.ConstantTimeCompare([]byte(passwordHash.Key), []byte(expectedHash.Key)) == 1, nil
|
||||
}
|
||||
|
||||
func getCryptSettings(salt string, algorithm CryptAlgo, iterations, memory, parallelism, keyLength int) (settings string) {
|
||||
|
|