On Thu, Sep 29, 2011 at 08:15:55PM +0200, Stephan Beal wrote:
> On Thu, Sep 29, 2011 at 8:00 PM, Dmitry Chestnykh
> <dmi...@codingrobots.com>wrote:
>
> > The more eyes the better, as it touches login code.
> > ...COMPARE("AAAAAAAAA", "PASSWORD") returns FALSE in 0.1 msec, but
> > COMPARE("PAAAAAAAA", "PASSWORD") returns FALSE in 0.3 msec, because it did
> > two comparisons:
> >
>
> All that said - i wouldn't object to this being added (as if my vote
> matters! ;), i just think it's overly paranoid.
I totally agree. I don't object, but I consider this either paranoid or simply
thinking an excuse to play with fossil authentication code. :)
Regards.
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
