Use a salted hash of the lock passphrase instead of plain text and do

constant-time comparisons of it. Should prevent leaking any information about
it via timing, pointed out by Ryan Castellucci.  Add a 0.1s incrementing delay
for each failed unlock attempt up to 10s.  ok markus@ (earlier version), djm@

0 files changed, 0 insertions, 0 deletions