Time attack protection on hmac comparison

This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.

(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)

Conflicts:
	index.php
Sebastien SAUVAGE
2014-02-06 22:52:17 +01:00
committed by El RIDO
parent daf5522b1e
commit 43a439e7d0
6 changed files with 135 additions and 58 deletions


@@ -37,5 +37,10 @@ class vizhash16x16Test extends PHPUnit_Framework_TestCase
$this->assertEquals('image/png', $finfo->file($this->_file));
$this->assertNotEquals($pngdata, $vz->generate('2001:1620:2057:dead:beef::cafe:babe'));
$this->assertEquals($pngdata, $vz->generate('127.0.0.1'));
// generating new salt
$salt = serversalt::get();
require 'mcrypt_mock.php';
$this->assertNotEquals($salt, serversalt::generate());
}
}
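Review bot: `require 'mcrypt_mock.php';` in the middle of the test method should be `require_once 'mcrypt_mock.php';`, because a plain `require` runs every time the line is reached and, if the mock file declares functions or constants (its contents are not visible here), a second inclusion in the same PHPUnit process is a fatal redeclaration error. Whatever the mock defines also stays loaded for every test that runs afterwards in that process, so later salt or HMAC tests may silently run against the stand-in rather than the real random source; a comment such as `// loads a stand-in for mcrypt; stays defined for the rest of the process` would make that visible. The new assertion only shows that `serversalt::generate()` returns something different from the stored salt, which says nothing about the salt's length or randomness, and it sits inside the vizhash test rather than in a test of its own. The enclosing test method starts outside the hunk.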