Brad Davidson 239021e759 Consistently use constant-time comparison of password hashes ... As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>		2023-05-09 13:54:50 -07:00
..
basicauth	Add client certificate authentication support to core Authenticator	2022-04-06 13:03:14 -07:00
hash	Introduction of Integration Tests (#3695)	2021-07-26 09:59:33 -07:00
passwordfile	Consistently use constant-time comparison of password hashes	2023-05-09 13:54:50 -07:00
authenticator.go	Add client certificate authentication support to core Authenticator	2022-04-06 13:03:14 -07:00