mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-22 15:27:02 +00:00
2caaec3d8b
PasswordMatches calculates the proposed derived key, and then compares it with the actual derived key. That comparison is done using bytes.Equal, which is not in constant time. In theory, users with knowledge of the salt could use timing to extract information about the actual derived key. In practice, the salt is not being exposed to users, and the caller of PasswordMatches will add a delay to password checks, so it should not be easy to exploit via chasquid. But just to be safe and more future-proof, this patch changes the comparison to be in constant time.