timing attack

Daniel Ponte 2024-07-15 22:44:17 -04:00
parent e30896ee4c
commit 054ea37239


@ -42,12 +42,13 @@ func (s *Server) Login(ctx context.Context, username, password string) (token st
} }
if found == nil { if found == nil {
_ = bcrypt.CompareHashAndPassword([]byte("lol@timing"), []byte(password))
return "", ErrLoginFailed return "", ErrLoginFailed
} } else {
err = bcrypt.CompareHashAndPassword([]byte(found.Password), []byte(password))
err = bcrypt.CompareHashAndPassword([]byte(found.Password), []byte(password)) if err != nil {
if err != nil { return "", ErrLoginFailed
return "", ErrLoginFailed }
} }
return s.NewToken(found.ID), nil return s.NewToken(found.ID), nil
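Review bot: The dummy comparison added in the `found == nil` branch most likely does not equalize timing, because `"lol@timing"` is not a well-formed bcrypt hash: assuming this is golang.org/x/crypto/bcrypt, `CompareHashAndPassword` rejects a too-short hash with an error before doing any of the expensive key derivation, so the unknown-user path still returns much faster than the known-user path. Compare against a real hash generated once at startup, e.g. `var dummyHash, _ = bcrypt.GenerateFromPassword([]byte("unused"), bcrypt.DefaultCost)` at package level and `_ = bcrypt.CompareHashAndPassword(dummyHash, []byte(password))` here; the cost used for stored hashes is not visible in this hunk, so set it to match. A short comment on that line saying why the result is discarded would help the next reader, and the `else` after the returning `if` can be dropped. Login's body starts and ends outside the hunk, so the user lookup above it was not reviewed.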