Commit d6516e9a0a7f authored by Alex Gaynor

Use hmac.compare_digest for our constant time comparison (#292)

parent 9ea63e32a102
......@@ -16,6 +16,7 @@
from __future__ import absolute_import
from __future__ import division
import hmac
import os
import re
import warnings
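Review bot: `hmac.compare_digest` is only available from Python 2.7.7 and Python 3.3, and the `from __future__` imports next to the new `import hmac` suggest Python 2 is still supported. State the minimum interpreter version this now requires, or keep a fallback for older 2.7 releases, so that the import succeeding does not hide an AttributeError at the first password check.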
......@@ -121,11 +122,7 @@
)
ret = hashpw(password, hashed_password)
if len(ret) != len(hashed_password):
return False
return _bcrypt.lib.timingsafe_bcmp(ret, hashed_password, len(ret)) == 0
return hmac.compare_digest(ret, hashed_password)
def kdf(
......
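Review bot: the comparison at the end of this hunk no longer has the `len(ret) != len(hashed_password)` guard in front of it, so `return hmac.compare_digest(ret, hashed_password)` now carries the length handling on its own. `hmac.compare_digest` returns False for inputs of different length, so the result is unchanged, but it requires both arguments to be bytes-like (or both ASCII-only str) and raises TypeError otherwise, and its timing may reveal the length of the inputs though not their contents. A one-line comment saying the length check is intentionally delegated, plus a test that passes a truncated `hashed_password` and expects False, would keep the guard from being reintroduced and pin the behaviour.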