lots of things

author: Franklin Wei <git@fwei.tk> 2016-03-31 17:05:37 -0400
committer: Franklin Wei <git@fwei.tk> 2016-03-31 17:05:37 -0400
commit: 207850187986568b17ea9b2d9c29510cb00bf9da (patch)
tree: aee87cf74280e8f9dd29aca88d12a638f37b2493 /src/auth.c
parent: b3699dd5df18db3c060bb88a74c1b05e37154c76 (diff)
download: netcosm-207850187986568b17ea9b2d9c29510cb00bf9da.zip
netcosm-207850187986568b17ea9b2d9c29510cb00bf9da.tar.gz
netcosm-207850187986568b17ea9b2d9c29510cb00bf9da.tar.bz2
netcosm-207850187986568b17ea9b2d9c29510cb00bf9da.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/auth.c b/src/auth.c
index 069e9fe..c7b53d3 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -193,11 +193,12 @@ struct userdata_t *auth_check(const char *name2, const char *pass2)
     {
         debugf("auth module: user %s found\n", name2);
 
-        /* hashes are in HEX to avoid the Trucha bug */
+        /* hashes are in lowercase hex to avoid the Trucha bug
+         * but still allow comparison with strcmp() */
         char *new_hash_hex = hash_pass_hex(pass, salt);
 
         bool success = true;
-        /* constant-time comparison to a timing attack */
+        /* constant-time comparison to hopefully prevent a timing attack */
         for(int i = 0; i < AUTH_HASHLEN; ++i)
         {
             if(new_hash_hex[i] != hash[i])
author	Franklin Wei <git@fwei.tk>	2016-03-31 17:05:37 -0400
committer	Franklin Wei <git@fwei.tk>	2016-03-31 17:05:37 -0400
commit	207850187986568b17ea9b2d9c29510cb00bf9da (patch)
tree	aee87cf74280e8f9dd29aca88d12a638f37b2493 /src/auth.c
parent	b3699dd5df18db3c060bb88a74c1b05e37154c76 (diff)
download	netcosm-207850187986568b17ea9b2d9c29510cb00bf9da.zip netcosm-207850187986568b17ea9b2d9c29510cb00bf9da.tar.gz netcosm-207850187986568b17ea9b2d9c29510cb00bf9da.tar.bz2 netcosm-207850187986568b17ea9b2d9c29510cb00bf9da.tar.xz