Brad Davidson 239021e759 Consistently use constant-time comparison of password hashes ... As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>		2023-05-09 13:54:50 -07:00
..
passwordfile_test.go
passwordfile.go