Should File::hasSameHash use hash_equals? #49718

Answered by valorin
simonhamp asked this question in Q&A

Yep, it should definitely be using hash_equals() in there to compare the hashes. 👍

As you said, hash timing attacks are technically possible, but incredibly difficult to conduct. However, that's not a good reason to write weak code when we have a secure alternative that we can easily use instead.

Oh and I love that you're referencing Securing Laravel. 🥰

Answer selected by simonhamp
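
The comparison discussed in the answer above, as an added example that is not code from this discussion or from Laravel: a stand-alone file-hash check that uses `hash_equals()` and fails closed when a file cannot be hashed. The function name `filesHaveSameHash`, the SHA-256 default and the temporary sample files are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not the framework's method): report whether two
 * files have the same digest, comparing the digests in constant time.
 */
function filesHaveSameHash(string $firstFile, string $secondFile, string $algo = 'sha256'): bool
{
    // hash_file() returns false when it cannot read its input, and
    // hash_equals() throws a TypeError on non-string arguments in PHP 8,
    // so unreadable or missing files are rejected before the comparison.
    $first = (is_file($firstFile) && is_readable($firstFile))
        ? hash_file($algo, $firstFile) : false;
    $second = (is_file($secondFile) && is_readable($secondFile))
        ? hash_file($algo, $secondFile) : false;

    if (!is_string($first) || !is_string($second)) {
        return false; // fail closed: "could not hash" never counts as a match
    }

    // A plain === comparison may stop at the first differing byte.
    // hash_equals() takes the same time for equal-length strings
    // wherever they differ. Known digest first, supplied one second.
    return hash_equals($first, $second);
}

// Constructed sample input: three temporary files, two with equal content.
$dir = sys_get_temp_dir();
$a = tempnam($dir, 'hse');
$b = tempnam($dir, 'hse');
$c = tempnam($dir, 'hse');
file_put_contents($a, 'release-1.0');
file_put_contents($b, 'release-1.0');
file_put_contents($c, 'release-1.1');

var_dump(filesHaveSameHash($a, $b));              // same content
var_dump(filesHaveSameHash($a, $c));              // different content
var_dump(filesHaveSameHash($a, $a . '.missing')); // second file absent

array_map('unlink', [$a, $b, $c]);
```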