File: util.go

package info (click to toggle)
golang-github-jimstudt-http-authentication 0.0~git20140401.3eca13d-1.1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, forky, sid, trixie
  • size: 284 kB
  • sloc: makefile: 2
file content (18 lines) | stat: -rw-r--r-- 454 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
 
package basic

import (
	"crypto/sha1"
	"crypto/subtle"
)

func constantTimeEquals(a string, b string) bool {
	// compare SHA-1 as a gatekeeper in constant time
	// then check that we didn't get by because of a collision
	aSha := sha1.Sum([]byte(a))
	bSha := sha1.Sum([]byte(b))
	if subtle.ConstantTimeCompare(aSha[:], bSha[:]) == 1 {
		// yes, this bit isn't constant, but you had to make a Sha1 collision to get here
		return a == b
	}
	return false
}