proxmox/proxmox-sys
Stefan Sterz eef12f91a1 sys: crypt: use constant time comparison for password verification
by using `openssl::memcmp::eq()` we can avoid potential timing side
channels as its runtime only depends on the length of the arrays, not
the contents. this requires the two arrays to have the same length, but
that should be a given since the hashes should always have the same
length.

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
2024-05-22 10:26:43 +02:00
..
debian sys: bump version to 0.5.4-2 2024-04-26 17:24:23 +02:00
src sys: crypt: use constant time comparison for password verification 2024-05-22 10:26:43 +02:00
tests sys: rust fmt 2022-04-10 17:39:31 +02:00
Cargo.toml sys: crypt: use constant time comparison for password verification 2024-05-22 10:26:43 +02:00