PHP :: Doc Bug #69230 :: password_verify should indicate whether it's vulnerable to timing attacks

Doc Bug #69230	password_verify should indicate whether it's vulnerable to timing attacks
Submitted:	2015-03-12 15:00 UTC	Modified:	2015-06-25 11:30 UTC
From:	brian at access9 dot net	Assigned:	peehaa (profile)
Status:	Closed	Package:	Documentation problem
PHP Version:	5.5.22	OS:
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2015-03-12 15:00 UTC] brian at access9 dot net

Description:
------------
---
From manual page: http://www.php.net/function.password-verify
---
The documentation for the hash_verify() function (http://php.net/manual/en/function.hash-equals.php) clearly states that it is a "Timing attack safe string comparison".

The documentation for password_verify() should indicate whether it is or is not vulnerable to timing based attacks.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-03-14 11:32 UTC] peehaa@php.net

-Assigned To: +Assigned To: peehaa

[2015-06-25 11:30 UTC] peehaa@php.net

-Status: Assigned +Status: Closed

[2015-06-25 11:30 UTC] peehaa@php.net

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Apr 24 00:01:32 2024 UTC