https://bugzilla.wikimedia.org/show_bug.cgi?id=61346
T. Gries <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #9 from T. Gries <[email protected]> --- Not sure, if the following lines in your patch are correct as they make the function return quickly if the lenghts are unequal -> timing attack made easy if ( strlen( $answer ) !== strlen( $test ) ) { + $passwordCorrect = false; + } else { -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
