Don't reveal whether password is <20 or >20 characters in RPC #4728

pull laanwj wants to merge 1 commits into bitcoin:master from laanwj:2014_08_rpcserver_password_delay changing 1 files +2 −3

laanwj commented at 12:48 PM on August 19, 2014: member

As discussed on IRC.

It seems bad to base a decision to delay on the password length, as it leaks a tiny bit of information.

This doesn't change DoS potential as it is trivial to hold up all RPC threads in another way for someone in the rpcallowip list.

Don't reveal whether password is <20 or >20 characters in RPC

As discussed on IRC.

It seems bad to base a decision to delay based on the password length,
as it leaks a small amount of information.

01094bd01f

laanwj added the label RPC on Aug 19, 2014
BitcoinPullTester commented at 1:01 PM on August 19, 2014: none

Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/p4728_01094bd01f5d999b7da698c0e655cf723afa8ebb/ for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.
gavinandresen commented at 1:31 PM on August 19, 2014: contributor

Untested ACK
jgarzik commented at 1:59 PM on August 19, 2014: contributor

ut ACK
gavinandresen referenced this in commit 10dcbc1be0 on Aug 19, 2014
gavinandresen merged this on Aug 19, 2014
gavinandresen closed this on Aug 19, 2014
MarcoFalke locked this on Sep 8, 2021

Contributors

Labels