[PHPBB3-13203] Use constant time comparison method for comparing password hashes - phpBB Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.0-RC5
Fix Version/s: 3.1.0-RC6
Component/s: Login
Labels:
None

GitHub Pull Request URL:
https://github.com/phpbb/phpbb/pull/3056

Description

Password hashes should be compared byte by byte to have a constant execution time for all hashes with the same length.

Attachments

Activity

People

Assignee:: Marc

Reporter:: Marc

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 22/Oct/14 7:46 PM

Updated:: 22/Jan/17 4:02 PM

Resolved:: 22/Oct/14 11:07 PM