The documentation for PHP’s hash_equals() (a string comparison function which is safe from timing attacks) says,
It is important to provide the user-supplied string as the second parameter, rather than the first.
Why is this?
- 1It's a duplicate of stackoverflow.com/questions/27911597/…Arminius– Arminius2017-04-26 22:34:23 +00:00Commented Apr 26, 2017 at 22:34
- See answer in duplicate questionZZromanZZ– ZZromanZZ2017-04-30 21:00:06 +00:00Commented Apr 30, 2017 at 21:00
Add a comment |