Default password comparison should use constant-time string comparison

[brendanlong]

The default for comparing passwords is client_password == stored_password:

https://github.com/miguelgrinberg/Flask-HTTPAuth/blob/master/flask_httpauth.py#L146

This is a problem because Python compares strings character-by-character, so a password closer to the correct password takes longer to check. You might expect that this doesn't matter, but with thousands of requests and some statistics, an attacker can guess the password much faster than they should be able to:

https://codahale.com/a-lesson-in-timing-attacks/

There are two options for working around this (not including "don't use plaintext passwords"):

• Use a constant-time string comparison like hmac.compare_digest. This seems to require Python 3.3 but you could also just vendor this function.
• Compare hashes. It's kind of silly to hash two plaintext passwords, but this is the simplest way to avoid timing attacks in this comparison. For this purpose, the hash function doesn't really matter very much and you just want it to be fast (MD5 would be fine, but SHA1 will probably get you fewer people complaining about things they don't understand)

[miguelgrinberg]

I agree. This is on the oldest password checking approach, which I hope very few people use at this point, but still, no reason to not eliminate the risk of a timing attack. Would you like to submit a PR with the change?