def test_compare_secure_strings(): """ Tests that compare_secure_strings() returns True when the strings are equal and False otherwise. Does not test if the function actually mitigates timing side channel attacks. """ LENGTH = 128 string1 = misc_utils.generate_random_string(LENGTH) string2 = misc_utils.generate_random_string(LENGTH) assert string1 != string2 # Make sure compare_secure_strings returns True and False when expected. assert misc_utils.compare_secure_strings(string1, string1) == True assert misc_utils.compare_secure_strings(string1, string2) == False
def test_compare_secure_strings():
"""
Tests that compare_secure_strings() returns True when the strings are equal
and False otherwise. Does not test if the function actually mitigates timing
side channel attacks.
"""
LENGTH = 128
string1 = misc_utils.generate_random_string(LENGTH)
string2 = misc_utils.generate_random_string(LENGTH)
assert string1 != string2
# Make sure compare_secure_strings returns True and False when expected.
assert misc_utils.compare_secure_strings(string1, string1) == True
assert misc_utils.compare_secure_strings(string1, string2) == False
def verify_password(self, password):
"""
Verifies a password by applying each algorithm in turn to the password.
Returns True if successful, else False.
"""
# Check that we're in a state to check a password.
if not self.check_self():
return False
test_hash = password
true_hash = self.password_hash
for i in range(len(self.algorithms)):
algorithm = self.algorithms[i]
rounds = self.rounds[i]
salt = self.salts[i]
test_hash = hash_password(test_hash, salt, rounds, algorithm)
# In case an error occurs.
if test_hash is None:
return False
return misc_utils.compare_secure_strings(test_hash, true_hash)
