Project

General

Profile

Actions

Feature #79888

closed

Constant-time password checking

Added by Christian Futterlieb almost 8 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
Start date:
2017-02-18
Due date:
% Done:

100%

Estimated time:
PHP Version:
Tags:
Complexity:
no-brainer
Sprint Focus:

Description

Replace all $knownPwassword == $givenPassword by either password_verify() (crypt()-based) or hash_equals() otherwise.


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Feature #79795: Improve saltedpasswordsClosed2017-12-12

Actions
Actions

Also available in: Atom PDF