rfc:timing_attack

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
rfc:timing_attack [2014/02/02 23:29]
realityking
rfc:timing_attack [2014/06/25 13:35]
realityking
Line 3: Line 3:
   * Version: 1.0   * Version: 1.0
   * Date: 2013-12-22   * Date: 2013-12-22
-  * Author: Rouven Weßling, me@rouvenwessling +  * Author: Rouven Weßling, me@rouvenwessling.de 
-  * Status: ​Under Discussion+  * Status: ​Implemented in 5.6 as hash_equals()
   * First Published at: http://​wiki.php.net/​rfc/​timing_attack   * First Published at: http://​wiki.php.net/​rfc/​timing_attack
  
Line 43: Line 43:
 ===== Vote ===== ===== Vote =====
  
-<doodle title="​Timing attack safe string comparison function"​ auth="​realityking"​ voteType="​single"​ closed="​false">+<doodle title="​Timing attack safe string comparison function"​ auth="​realityking"​ voteType="​single"​ closed="​true">
    * Yes    * Yes
    * No    * No
Line 60: Line 60:
   * 0.1 Initial publication   * 0.1 Initial publication
   * 0.2 Renamed to hash_compare,​ added link to Zend Framework 2, removed information leak when knownString is empty (Thank you Tjerk)   * 0.2 Renamed to hash_compare,​ added link to Zend Framework 2, removed information leak when knownString is empty (Thank you Tjerk)
- * 1.0 Moved function to ext/hash. Started voting.+  ​* 1.0 Moved function to ext/hash. Started voting
 +  * 1.1 Added section about differences between RFC and implementation  
 + 
 +===== Differences between this RFC and the implementation ==== 
 +  * The function is now called hash_equals 
 +  * Both arguments passed to the function have to be strings, otherwise an E_WARNING is raised.
rfc/timing_attack.txt · Last modified: 2017/09/22 13:28 (external edit)