Task #83329
closed
Use hash_equals for timing-safe comparison of hash-values
100%
Description
To prevent timing-attacks on hash-comparions it is advised to use hash_equals (https://secure.php.net/hash_equals).
Updated by Gerrit Code Review almost 7 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55074
Updated by Mathias Brodala almost 7 years ago
Also see https://paragonie.com/blog/2015/11/preventing-timing-attacks-on-string-comparison-with-double-hmac-strategy for a bit more background.
Updated by Gerrit Code Review almost 7 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55074
Updated by Gerrit Code Review almost 7 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55074
Updated by Stephan Großberndt almost 7 years ago
- Subject changed from Use hash_equals for timing-safe comparion of hash-values to Use hash_equals for timing-safe comparison of hash-values
Updated by Gerrit Code Review almost 7 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55074
Updated by Stefan Neufeind almost 7 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset cc9b6676fb9c8f6f9bf8a94480fa569af15fabd6.
Updated by Gerrit Code Review almost 7 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55098
Updated by Stefan Neufeind almost 7 years ago
- Status changed from Under Review to Resolved
Applied in changeset 8858577f54122abdbc0d628aac28f80e3a08ad4d.
Updated by