phantom/onionshare
1
0
Fork 0
mirror of https://github.com/onionshare/onionshare.git synced 2025-01-26 11:13:00 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions

using constant time string comparison for username/password, to prevent timing attacks. fixes #3

Browse source
This commit is contained in:
Micah Lee 2014-05-21 18:27:12 -04:00
parent 7ef02955a0
commit a12dd0c4a9
1 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
onionshare.py
View file

@ -17,7 +17,16 @@ auth_username = auth_password = filename = filehash = filesize = ''
def check_auth(username, password): def check_auth(username, password):
global auth_username, auth_password global auth_username, auth_password
return username == auth_username and password == auth_password
if len(username) != 16 or len(password) != 16:
return False
# constant time string comparison, to prevent timing attacks
valid = True
for i in range(16):
if username[i] != auth_username[i] or password[i] != auth_password[i]:
valid = False
return valid
def authenticate(): def authenticate():
return Response( return Response(