Comments (1)
Lothiraldan
commented on August 16, 2024
The second article use almost the same code than django constant_time_compare.
From the article:
if len(userMsg) != len(correctValue):
return False
result = 0
for x, y in zip(userMsg, correctValue):
result |= ord(x) ^ ord(y)
return result == 0
From django source code:
def constant_time_compare(val1, val2):
"""
Returns True if the two strings are equal, False otherwise.
The time taken is independent of the number of characters that match.
"""
if len(val1) != len(val2):
return False
result = 0
if six.PY3 and isinstance(val1, bytes) and isinstance(val2, bytes):
for x, y in zip(val1, val2):
result |= x ^ y
else:
for x, y in zip(val1, val2):
result |= ord(x) ^ ord(y)
return result == 0
I will make a pull-request for fixing the problem.
from pyjwt.
Related Issues (20)
- options verify_exp not working HOT 1
- sharing namespace jwt conflict, is this possible to prevent, pip install pyJWT give no warning HOT 3
- Please stop validating that `iat <= now` by default HOT 3
- Got error: Algorithm 'ES256' could not be found. Do you have cryptography installed? HOT 3
- Migration guide for python-jose users HOT 3
- Remove algorithm parameter overwrite in PyJWS.encode HOT 1
- There should be a check on the type of algorithms in signature verification HOT 1
- Decoding fails with "Invalid payload string: must be a json object" when the JSON is an array HOT 1
- https://nvd.nist.gov/vuln/detail/CVE-2024-26130 update cryptography HOT 2
- When is python 3.12 expected to be released as a package on PIP? HOT 4
- Consider cryptography 42.x.x new validation HOT 3
- Make a release 2.9.0? Or create a checklist that contributors can help with? HOT 5
- Minimal example of implementation with encode and decode HOT 1
- Cryptography package, needed, but not as a requirement? HOT 2
- Using PYJWKClient.get_signing_key_from_jwt(), getting a 'Expecting a PEM-formatted key' error. HOT 2
- Implement sub and jti check HOT 1
- Get signing alg from JWT header HOT 1
- jwk_from_pem not found in jwt HOT 1
- Error `TypeError: ECPublicKey.verify() takes 3 positional arguments but 4 were given` while using `jwt.decode`
- Incompatibility Issue: pyjwt==2.8.0 with cryptography==43.0.0 causes jwt.exceptions.PyJWKSetError
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pyjwt.