Fix potential timing side-channels in authentication mechanisms #737
No reviewers
Labels
No Label
AdminAPI
Bug
Check AWS
CI
Correctness
Critical
Documentation
Ideas
Improvement
Low priority
Newcomer
Performance
S3 Compatibility
Testing
Usability
No Milestone
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Deuxfleurs/garage#737
Loading…
Reference in New Issue
No description provided.
Delete Branch "fix-auth-ct-eq"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
argon2
crate, and its associated verification function, to check admin and metric tokensHmac
's built-in verification function that operates in constant-time for AWS signatures v4 verificationb94532ee02
to6d33e721c4
lx referenced this pull request2024-03-01 14:14:56 +00:00