https://bugzilla.wikimedia.org/show_bug.cgi?id=61346

T. Gries <m...@tgries.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #9 from T. Gries <m...@tgries.de> ---
Not sure, if the following lines in your patch are correct as they make the
function return quickly if the lenghts are unequal -> timing attack made easy

        if ( strlen( $answer ) !== strlen( $test ) ) {
+            $passwordCorrect = false;
+        } else {

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to