Raymond, thanks for the amazing course!
I have a question regarding this snippet of code:
```python
def check_user(user: User, password: str) -> bool:
    hashpass, salt = user_info[user].hashed_password
    target_hash_pass = hash_password(password, salt)[0]
    sleep(random.expovariate(10))
    return secrets.compare_digest(hashpass, target_hash_pass)
```
What's the point of a random sleep with an exponential distribution? To my knowledge it won't prevent timing attacks.
According to the documentation, compare_digest is designed to prevent timing analysis, so it already takes care of that for us.
Thank you.
modernpython/pubsub/pubsub.py
Lines 85 to 89 in d305a09
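Added example, not from the course repository or the original post: a seeded simulation of what `sleep(random.expovariate(10))` does to a latency difference between two code paths, and how many samples it takes before that difference stands out of the jitter. The base latencies, the helper names and the 3-standard-error threshold are assumptions chosen for illustration.

```python
import math
import random
import statistics

JITTER_RATE = 10.0  # the lambda in random.expovariate(10): mean and std dev are both 0.1 s


def observed_latency(base_seconds: float, rng: random.Random) -> float:
    """One simulated response time: fixed work plus the exponential sleep."""
    return base_seconds + rng.expovariate(JITTER_RATE)


def mean_gap(base_a: float, base_b: float, n: int, seed: int = 1) -> float:
    """Difference between the average latencies of two code paths, n samples each."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    a = [observed_latency(base_a, rng) for _ in range(n)]
    b = [observed_latency(base_b, rng) for _ in range(n)]
    return statistics.fmean(b) - statistics.fmean(a)


def samples_to_resolve(delta_seconds: float, z: float = 3.0) -> int:
    """Samples per path before a latency gap of delta exceeds z standard errors.

    The standard error of a difference of two means is sqrt(2) * sigma / sqrt(n),
    with sigma = 1 / JITTER_RATE for an exponential distribution.
    """
    sigma = 1.0 / JITTER_RATE
    return math.ceil(2.0 * (z * sigma / delta_seconds) ** 2)


if __name__ == "__main__":
    # Constructed values: a 50 ms gap and a 1 microsecond gap between two paths.
    print("gap recovered from 20000 samples:", round(mean_gap(0.0, 0.05, 20000), 4))
    print("samples needed for a 50 ms gap:", samples_to_resolve(0.05))
    print("samples needed for a 1 us gap:", samples_to_resolve(1e-6))
```

The jitter shifts every response by the same average, so the gap between the two means survives and only the number of samples needed to see it grows, in proportion to 1/delta². A constant-time comparison such as `secrets.compare_digest` instead removes the data-dependent gap at its source.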