diff options
author | dtucker@openbsd.org <dtucker@openbsd.org> | 2015-05-15 05:44:21 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-05-21 14:58:29 +1000 |
commit | 9173d0fbe44de7ebcad8a15618e13a8b8d78902e (patch) | |
tree | 482505d35ca1340c86ef35fe2e29555224d4d778 /ssh-keysign.c | |
parent | d028d5d3a697c71b21e4066d8672cacab3caa0a8 (diff) |
upstream commit
Use a salted hash of the lock passphrase instead of plain
text and do constant-time comparisons of it. Should prevent leaking any
information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s
incrementing delay for each failed unlock attempt up to 10s. ok markus@
(earlier version), djm@
Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f
Diffstat (limited to 'ssh-keysign.c')
0 files changed, 0 insertions, 0 deletions