| author | 2019-02-12 23:47:24 +0000 | |
|---|---|---|
| committer | 2019-02-12 23:47:24 +0000 | |
| commit | ac958384fe4faf6e96c5072129f09b3ebaa954e4 (patch) | |
| tree | 6564f04223aa54e0a9e8594c209b30d6d528f8a7 /modules | |
| parent | MONITOR actually catches NICK changes (nick_regain.py) (diff) | |
| signature | ||
SCRAM doesn't need constant_time_compare, nonces prevent replay (scram.py)
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/sasl/scram.py | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/modules/sasl/scram.py b/modules/sasl/scram.py
index 487a2091..565f97e7 100644
--- a/modules/sasl/scram.py
+++ b/modules/sasl/scram.py
@@ -1,5 +1,4 @@
 import base64, enum, hashlib, hmac, os, typing
-from src import utils
 # IANA Hash Function Textual Names
 # https://tools.ietf.org/html/rfc5802#section-4
@@ -102,7 +101,7 @@ class SCRAM(object):
 server_key = self._hmac(self._salted_password, b"Server Key")
 server_signature = self._hmac(server_key, self._auth_message)
-if utils.security.constant_time_compare(server_signature, verifier):
+if server_signature == verifier:
 self.state = SCRAMState.Success
 return True
 else: |
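Review bot: The new `if server_signature == verifier:` in the second hunk compares a MAC with an early-exit equality even though `hmac` is already imported on the first line of this file, so `if hmac.compare_digest(server_signature, verifier):` would remove the `src.utils` dependency and still keep the comparison constant-time. The commit message argues that the signature is bound to per-session nonces through `_auth_message`, which does limit what a timing difference could reveal, but that relies on nonce handling that is not visible in this hunk, and the stdlib call costs nothing. `compare_digest` needs both arguments to be bytes-like (or both ASCII `str`), so confirm that `verifier` is bytes at this point. The enclosing method starts and ends outside the hunk.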
