Please do not implement auth stuff yourself. And if you do, do not ever write something like this:

if (passwordHash == hash(passwortInput)) ...

This is prone to timing attacks and a few other things. Use a safe way to compare things using a crypto library helper function of your choice.

@bitboxer If it's properly hashed, do you still expect bits to leak through the timing of the comparison?

@schnittchen It depends on what the 'hash' function is that is used. And people writing it in this style usually have no clue what they are doing. Because of that, lots of crypto libs have helper functions to abstract this away for you. And if you write JavaScript, there are interesting things that might happen when you are not using `===`. So many potential errors in one little harmless-looking line.

@bitboxer The hash question aside, so we need a library to make JavaScript safe! 😂
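
An added example, not part of the thread and not code from any participant: the comparison discussed above, done in Node.js with the built-in `crypto` helpers (`scryptSync` for a salted slow hash, `timingSafeEqual` for the compare). The `salt:hash` record format, the function names and `KEY_LEN` are assumptions made for this sketch.

```javascript
const crypto = require('crypto');

const KEY_LEN = 32; // bytes of scrypt output (value chosen for this example)

// Derive a salted, deliberately slow hash.
// The "saltHex:hashHex" storage format is hypothetical.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEY_LEN);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Verify a candidate password against a stored record.
function verifyPassword(password, stored) {
  // Reject non-strings up front so no type coercion can happen later.
  if (typeof password !== 'string' || typeof stored !== 'string') return false;
  const [saltHex, hashHex] = stored.split(':');
  if (!saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, 'hex');
  if (expected.length !== KEY_LEN) return false; // malformed record
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), KEY_LEN);
  // timingSafeEqual throws when lengths differ; both are KEY_LEN bytes here.
  // Its running time does not depend on where the first differing byte is.
  return crypto.timingSafeEqual(actual, expected);
}

// The `==` hazard in isolation: coercion makes different values compare equal,
// e.g. a missing stored hash (undefined) and a missing input (null).
function looseCompare(a, b) {
  return a == b;
}

const record = hashPassword('correct horse'); // constructed sample input
console.log(verifyPassword('correct horse', record));
console.log(verifyPassword('wrong guess', record));
console.log(looseCompare(undefined, null), undefined === null);
```
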


This is a small private instance run by Gil and Bitboxer. If you have any questions, feel free to open an issue in our Github repository.