Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-13203

Use constant time comparison method for comparing password hashes

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-RC5
    • Fix Version/s: 3.1.0-RC6
    • Component/s: Login
    • Labels:
      None

      Description

      Password hashes should be compared byte by byte to have a constant execution time for all hashes with the same length.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Marc Marc
            Reporter:
            Marc Marc
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development