Inspection of "Lower entropy consumed by str::equals" - mmeyer2k/dcrypt - Measure and Improve Code Quality continuously with Scrutinizer

dcrypt

Completed

Push — master ( 6c7ecf...539cfe )

by Michael

created 2019-05-08 17:45 UTC

Status

All Patches
7
New
1

Spacing +2 added lines, -2 removed lines patch added patch discarded remove patch

@@ -48,8 +48,8 @@
 block discarded – undo
         // We hash the 2 inputs at this point because hash_equals is still 
         // vulnerable to timing attacks when the inputs have different sizes.
         // Inputs are also cast to string like in symfony stringutils.
-        $known = \hash_hmac('sha256', (string)$known, $nonce, true);
-        $given = \hash_hmac('sha256', (string)$given, $nonce, true);
+        $known = \hash_hmac('sha256', (string) $known, $nonce, true);
+        $given = \hash_hmac('sha256', (string) $given, $nonce, true);
 
         return \hash_equals($known, $given);
     }

Please login to merge, or discard this patch.

		@@ -48,8 +48,8 @@
		block discarded – undo
48	48	// We hash the 2 inputs at this point because hash_equals is still
49	49	// vulnerable to timing attacks when the inputs have different sizes.
50	50	// Inputs are also cast to string like in symfony stringutils.
51		- $known = \hash_hmac('sha256', (string)$known, $nonce, true);
52		- $given = \hash_hmac('sha256', (string)$given, $nonce, true);
	51	+ $known = \hash_hmac('sha256', (string) $known, $nonce, true);
	52	+ $given = \hash_hmac('sha256', (string) $given, $nonce, true);
53	53
54	54	return \hash_equals($known, $given);
55	55	}

mmeyer2k / dcrypt

Push — master ( 6c7ecf...539cfe )

Status

Category

Spacing +2 added lines, -2 removed lines patch added patch discarded remove patch