This repository has been archived by the owner on Oct 25, 2024. It is now read-only.

What about timing attacks? #4

Open

petterreinholdtsen opened this issue Jun 14, 2018 · 0 comments

petterreinholdtsen commented Jun 14, 2018

I see code in authenticate() function on this form:

  if (something)
     raise FAILED
 if (something_else)
    raise FAILED

This might make it possible to time where in the process the error was detected. Is it perhaps better to do something like this:

if (something)
   error = True
if (something_else)
  error = True
if (error)
  raise FAILURE

Or is it not needed for other reasons related to for example django?

The text was updated successfully, but these errors were encountered:

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.