SCRAM doesn't need constant_time_compare, nonces prevent replay (scram.py)

author: jesopo 2019-02-12 23:47:24 +0000
committer: jesopo 2019-02-12 23:47:24 +0000
commit: ac958384fe4faf6e96c5072129f09b3ebaa954e4 (patch)
tree: 6564f04223aa54e0a9e8594c209b30d6d528f8a7
parent: MONITOR actually catches NICK changes (nick_regain.py) (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/modules/sasl/scram.py b/modules/sasl/scram.py
index 487a2091..565f97e7 100644
--- a/modules/sasl/scram.py
+++ b/modules/sasl/scram.py
@@ -1,5 +1,4 @@
 import base64, enum, hashlib, hmac, os, typing
-from src import utils
 
 # IANA Hash Function Textual Names
 # https://tools.ietf.org/html/rfc5802#section-4
@@ -102,7 +101,7 @@ class SCRAM(object):
         server_key = self._hmac(self._salted_password, b"Server Key")
         server_signature = self._hmac(server_key, self._auth_message)
 
-        if utils.security.constant_time_compare(server_signature, verifier):
+        if server_signature == verifier:
             self.state = SCRAMState.Success
             return True
         else:
author	jesopo	2019-02-12 23:47:24 +0000
committer	jesopo	2019-02-12 23:47:24 +0000
commit	ac958384fe4faf6e96c5072129f09b3ebaa954e4 (patch)
tree	6564f04223aa54e0a9e8594c209b30d6d528f8a7
parent	MONITOR actually catches NICK changes (nick_regain.py) (diff)
signature