Last active
March 28, 2022 08:37
-
-
Save wttj-tech/dc8548331b91f2922f751eb03f5fd108 to your computer and use it in GitHub Desktop.
Prevent timing attack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @doc """ | |
| Verifies the password. | |
| If there is no user or the user doesn't have a password, we call | |
| `Bcrypt.no_user_verify/0` to avoid timing attacks. | |
| """ | |
| def valid_password?(%TestAuth.Accounts.User{hashed_password: hashed_password}, password) | |
| when is_binary(hashed_password) and byte_size(password) > 0 do | |
| Bcrypt.verify_pass(password, hashed_password) | |
| end | |
| def valid_password?(_, _) do | |
| Bcrypt.no_user_verify() | |
| false | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment