ensure that private key comparisons are constant time comparisons to avoid timing attacks
Closed this issue · 0 comments
odeke-em commented
Let's inspect our code and ensure that any private key or HMAC comparisons are always constant time comparisons instead of using bytes.Equal
which is susceptible to timing/side channel attacks. When cryptographers audit our code, most likely the keen ones will point out the same problem out.