vor 9 Jahren · 66fada01c8
--- a/README.md
+++ b/README.md
@@ -89,8 +89,6 @@ If you'd like to help with any of the items below, send a pull-request!
 
															 - Only supports [version
														
 
															   3](https://github.com/RNCryptor/RNCryptor-Spec/blob/0625abe597e67af4a9a40f460a10bc069b7caf48/RNCryptor-Spec-v3.md)
														
 
															   of the RNCryptor spec.
														
 
															-- Lacks [consistent-time equality
														
 
															-  checking](https://github.com/RNCryptor/RNCryptor-Spec/blob/0625abe597e67af4a9a40f460a10bc069b7caf48/RNCryptor-Spec-v3.md#consistent-time-equality-checking).
														
 
															 - Only provides functions for password-based encryption, lacks function for [key-based
														
 
															   encryption](https://github.com/RNCryptor/RNCryptor-Spec/blob/0625abe597e67af4a9a40f460a10bc069b7caf48/RNCryptor-Spec-v3.md#key-based-encryption-abstract-language).
														
--- a/rncryptor.go
+++ b/rncryptor.go
@@ -34,7 +34,9 @@ func Decrypt(password string, data []byte) ([]byte, error) {
 
															   testHmac.Write(msg)
														
 
															   testHmacVal := testHmac.Sum(nil)
														
 
															-  verified := bytes.Equal(testHmacVal, expectedHmac)
														
 
															+  // its important to use hmac.Equal to not leak time
														
 
															+  // information. See https://github.com/RNCryptor/RNCryptor-Spec
														
 
															+  verified := hmac.Equal(testHmacVal, expectedHmac)
														
 
															   if !verified {
														
 
															     return nil, errors.New("Password may be incorrect, or the data has been corrupted. (HMAC could not be verified)")