Use a constant time algorithm to compare signature strings.
authorJan Lehnardt <jan@apache.org>
Fri, 14 Oct 2011 13:57:17 +0000 (15:57 +0200)
committerJan Lehnardt <jan@apache.org>
Fri, 14 Oct 2011 13:59:59 +0000 (15:59 +0200)
commit8abf2d69fa5aa4c78c1a6222336d6e0dff7904b3
treeebf706d1c25b461673e1cf6a382fb0bb8e50a8fb
parent29cb4781fd095f4b194d0c400ee2b89e90824020
Use a constant time algorithm to compare signature strings.

This guards against timing attacks of the class outlined
in http://codahale.com/a-lesson-in-timing-attacks/
src/oauth.erl