constant-time-auth-failure-prevents-email-enumeration

On login with an unknown email, always execute a dummy argon2id hash (same computational cost as a real hash) before returning ‘Invalid email or password’. Without the dummy hash, unknown-email lookups return in microseconds while known-email failures take milliseconds, enabling email enumeration via timing oracle. This pattern was implemented in R-Same UserService.

Related

• constant-time-auth-prevents-email-enumeration
• r-same-m1-identity-backend-core-wave-1-pass-1
• r-same-auth-constant-time-generic-errors-required
• oracle
• r-same-m1-identity-pass-2-admin-mfa-enroll-password-reset-re
• argon2id-owasp-2024-params-for-password-hashing