tendermint/go-crypto

ensure that private key comparisons are constant time comparisons to avoid timing attacks

Closed this issue · 0 comments

Let's inspect our code and ensure that any private key or HMAC comparisons are always constant time comparisons instead of using bytes.Equal which is susceptible to timing/side channel attacks. When cryptographers audit our code, most likely the keen ones will point out the same problem out.