github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/pkg/authenticator
History
Brad Davidson a0891cab16 Consistently use constant-time comparison of password hashes 
As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 239021e759)
 		2023-05-10 15:18:54 -07:00
..
basicauth Add client certificate authentication support to core Authenticator 2022-04-06 13:03:14 -07:00
hash Introduction of Integration Tests (#3695) 2021-07-26 09:59:33 -07:00
passwordfile Consistently use constant-time comparison of password hashes 2023-05-10 15:18:54 -07:00
authenticator.go Add client certificate authentication support to core Authenticator 2022-04-06 13:03:14 -07:00