Opened 4 years ago

Closed 4 years ago

#6783 enhancement closed duplicate (duplicate)

Use a password validation function that does not leak passwords mismatch place

Reported by: jan.wrobel Owned by:
Priority: normal Milestone:
Component: core Keywords:
Cc: wrr@… Branch:
Author:

Description

For security reasons credentials classes from https://twistedmatrix.com/trac/browser/trunk/twisted/cred/credentials.py should preferably compare passwords using a function which running time does not depend on a place where passwords mismatch. See for example Django implementation of such a function: https://github.com/django/django/blob/master/django/utils/crypto.py#L79

Change History (2)

comment:1 Changed 4 years ago by Jean-Paul Calderone

Thanks.

This is a duplicate of #4536.

comment:2 Changed 4 years ago by Jean-Paul Calderone

Resolution: duplicate
Status: newclosed
Note: See TracTickets for help on using tickets.