Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
kot-airplane2018-05-04 05:43:22
Burglary protection
kot-airplane, 2018-05-04 05:43:22

What's wrong with comparing strings in constant time?

From the PHP documentation:

Note that if you are using the crypt() function to verify a password, then you need to guard against timing attacks by using string comparisons that take constant time. Neither the PHP == and === operators, nor the strcmp() function are. The password_verify() function does exactly what it needs to.

What's wrong with string comparison that takes constant time? password_verify() apparently makes it longer, preventing the enumeration, but why such a strange wording, it would be written that it works too fast, therefore, it does not fit.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
L
Leonem Rubrum2019-07-29 17:01:29
Is it possible to generate promotional codes for input? 2Reply
A
alpa_kz2017-03-07 16:01:15
How to protect the client-bank application from hacking? 3Reply
Y
Yarik Mamaev2017-03-27 17:42:07
What is the error when inserting the script? 0Reply
K
Kotaro Hiba2019-09-03 14:46:00
What are the basics for hacking? 4Reply
W
weranda2015-05-08 23:40:04
Will blocking site folders via .htaccess prevent site from being hacked? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question