Why should password hash verification be time constant?What encryption hash function I should use for password securing?Why we use GPG signatures for file verification instead of hash values?Why should I hash passwords?Does bcrypt compare the hashes in “length-constant” time?Length-constant password comparison in scrypt?Should email verification be followed by password-based login? Why?Potential collision with hash passwordWhy is hashing a password with multiple hash functions useless?Why should password authentication require sending the password?Why should we protect access to password hashes?

Why does SSL Labs now consider CBC suites weak?

Biology of a Firestarter

How might a landlocked lake become a complete ecosystem?

How to make a not so good looking person more appealing?

How to rename a files in a directory

Will casting a card from the graveyard with Flashback add a quest counter on Pyromancer Ascension?

How to describe a building set which is like LEGO without using the "LEGO" word?

Would life always name the light from their sun "white"

Chinese words with non-Chinese letters / characters?

Do crew rest seats count towards the maximum allowed number of seats per flight attendant?

The meaning of the Middle English word “king”

Why are solar panels kept tilted?

Should generated documentation be stored in a Git repository?

Wireless headphones interfere with Wi-Fi signal on laptop

Substring join or additional table, which is faster?

Why does the headset man not get on the tractor?

Is it wrong to omit object pronouns in these sentences?

Is it safe to use two single-pole breakers for a 240 V circuit?

How does this Martian habitat 3D printer built for NASA work?

Uh oh, the propeller fell off

Can I say: "When was your train leaving?" if the train leaves in the future?

How to redirect stdout to a file, and stdout+stderr to another one?

Can only the master initiate communication in SPI whereas in I2C the slave can also initiate the communication?

Why weren't the bells paid heed to in S8E5?



Why should password hash verification be time constant?


What encryption hash function I should use for password securing?Why we use GPG signatures for file verification instead of hash values?Why should I hash passwords?Does bcrypt compare the hashes in “length-constant” time?Length-constant password comparison in scrypt?Should email verification be followed by password-based login? Why?Potential collision with hash passwordWhy is hashing a password with multiple hash functions useless?Why should password authentication require sending the password?Why should we protect access to password hashes?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








28















In the asp.net core PasswordHasher type there is is remark on the VerifyHashedPassword method



 /// <remarks>Implementations of this method should be time consistent.</remarks>


And then to compare the hashes it uses code that is deliberately not optimised and written not do early exits in the loop.



// Compares two byte arrays for equality. The method is specifically written so that the loop is not optimized.
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
private static bool ByteArraysEqual(byte[] a, byte[] b)
 a.Length != b.Length)
 
 return false;
 
 var areSame = true;
 for (var i = 0; i < a.Length; i++)
 
 areSame &= (a[i] == b[i]);
 
 return areSame;



At first I thought that without this timing could be used to determine how close the hash was, if it takes longer then more of the hash is the same.



However this doesn't make sense because the hash has gone through 1000 iterations of SHA256 at this point. So any change in the password would produce a completely different hash, and knowing that your password produces almost the correct hash does not help you find the correct one.



What is the purpose of ensuring a constant time hash verification?






passwords hash







share|improve this question









New contributor



trampster is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.














  • 3





    Is that function used for anything other than comparing hashes?

    – forest
    May 9 at 2:12











  • no it is only used for comparing hashes

    – trampster
    May 9 at 2:14






  • 1





    On a side(-attack) note this code assumes that byte comparisons are constant time which isn't guaranteed. It's good that it probably doesn't matter.

    – JimmyJames
    May 9 at 16:06












  • For better (or worse), code gets copied around. In the current AspNetCore repo BinaryBlob there is a near-identical method that can be used to compare any byte[]. Just because the code you write isn't used for something right now doesn't mean it won't be misused later!

    – Carl Walsh
    May 9 at 23:35











  • You can use varName |= a[i] ^ b[i]; in the loop instead. Initialize the variable to zero. Finally, return varName == 0. The XOR of two values is zero if and only if the values are the same. Once you OR a non-zero value into varName, the set bits of the value |='d into varName will stay set. Bitwise operations on values of the native machine word size are constant time, so the modified function will be constant time too. (Assuming the compiler doesn't, as an optimization, insert an early exit into the loop.)

    – Future Security
    May 10 at 15:40


















28















In the asp.net core PasswordHasher type there is is remark on the VerifyHashedPassword method



 /// <remarks>Implementations of this method should be time consistent.</remarks>


And then to compare the hashes it uses code that is deliberately not optimised and written not do early exits in the loop.



// Compares two byte arrays for equality. The method is specifically written so that the loop is not optimized.
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
private static bool ByteArraysEqual(byte[] a, byte[] b)
 a.Length != b.Length)
 
 return false;
 
 var areSame = true;
 for (var i = 0; i < a.Length; i++)
 
 areSame &= (a[i] == b[i]);
 
 return areSame;



At first I thought that without this timing could be used to determine how close the hash was, if it takes longer then more of the hash is the same.



However this doesn't make sense because the hash has gone through 1000 iterations of SHA256 at this point. So any change in the password would produce a completely different hash, and knowing that your password produces almost the correct hash does not help you find the correct one.



What is the purpose of ensuring a constant time hash verification?






passwords hash







share|improve this question









New contributor



trampster is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.














  • 3





    Is that function used for anything other than comparing hashes?

    – forest
    May 9 at 2:12











  • no it is only used for comparing hashes

    – trampster
    May 9 at 2:14






  • 1





    On a side(-attack) note this code assumes that byte comparisons are constant time which isn't guaranteed. It's good that it probably doesn't matter.

    – JimmyJames
    May 9 at 16:06












  • For better (or worse), code gets copied around. In the current AspNetCore repo BinaryBlob there is a near-identical method that can be used to compare any byte[]. Just because the code you write isn't used for something right now doesn't mean it won't be misused later!

    – Carl Walsh
    May 9 at 23:35











  • You can use varName |= a[i] ^ b[i]; in the loop instead. Initialize the variable to zero. Finally, return varName == 0. The XOR of two values is zero if and only if the values are the same. Once you OR a non-zero value into varName, the set bits of the value |='d into varName will stay set. Bitwise operations on values of the native machine word size are constant time, so the modified function will be constant time too. (Assuming the compiler doesn't, as an optimization, insert an early exit into the loop.)

    – Future Security
    May 10 at 15:40














28












28








28


3






In the asp.net core PasswordHasher type there is is remark on the VerifyHashedPassword method



 /// <remarks>Implementations of this method should be time consistent.</remarks>


And then to compare the hashes it uses code that is deliberately not optimised and written not do early exits in the loop.



// Compares two byte arrays for equality. The method is specifically written so that the loop is not optimized.
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
private static bool ByteArraysEqual(byte[] a, byte[] b)
 a.Length != b.Length)
 
 return false;
 
 var areSame = true;
 for (var i = 0; i < a.Length; i++)
 
 areSame &= (a[i] == b[i]);
 
 return areSame;



At first I thought that without this timing could be used to determine how close the hash was, if it takes longer then more of the hash is the same.



However this doesn't make sense because the hash has gone through 1000 iterations of SHA256 at this point. So any change in the password would produce a completely different hash, and knowing that your password produces almost the correct hash does not help you find the correct one.



What is the purpose of ensuring a constant time hash verification?






passwords hash







share|improve this question









New contributor



trampster is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











In the asp.net core PasswordHasher type there is is remark on the VerifyHashedPassword method



 /// <remarks>Implementations of this method should be time consistent.</remarks>


And then to compare the hashes it uses code that is deliberately not optimised and written not do early exits in the loop.



// Compares two byte arrays for equality. The method is specifically written so that the loop is not optimized.
[MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
private static bool ByteArraysEqual(byte[] a, byte[] b)
 a.Length != b.Length)
 
 return false;
 
 var areSame = true;
 for (var i = 0; i < a.Length; i++)
 
 areSame &= (a[i] == b[i]);
 
 return areSame;



At first I thought that without this timing could be used to determine how close the hash was, if it takes longer then more of the hash is the same.



However this doesn't make sense because the hash has gone through 1000 iterations of SHA256 at this point. So any change in the password would produce a completely different hash, and knowing that your password produces almost the correct hash does not help you find the correct one.



What is the purpose of ensuring a constant time hash verification?






passwords hash




passwords hash






share|improve this question









New contributor



trampster is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.










share|improve this question









New contributor



trampster is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








share|improve this question




share|improve this question








edited May 10 at 0:49









forest

41.8k18136150




41.8k18136150






New contributor



trampster is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








asked May 9 at 2:11









trampstertrampster

24125




24125




New contributor



trampster is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




New contributor




trampster is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









  • 3





    Is that function used for anything other than comparing hashes?

    – forest
    May 9 at 2:12











  • no it is only used for comparing hashes

    – trampster
    May 9 at 2:14






  • 1





    On a side(-attack) note this code assumes that byte comparisons are constant time which isn't guaranteed. It's good that it probably doesn't matter.

    – JimmyJames
    May 9 at 16:06












  • For better (or worse), code gets copied around. In the current AspNetCore repo BinaryBlob there is a near-identical method that can be used to compare any byte[]. Just because the code you write isn't used for something right now doesn't mean it won't be misused later!

    – Carl Walsh
    May 9 at 23:35











  • You can use varName |= a[i] ^ b[i]; in the loop instead. Initialize the variable to zero. Finally, return varName == 0. The XOR of two values is zero if and only if the values are the same. Once you OR a non-zero value into varName, the set bits of the value |='d into varName will stay set. Bitwise operations on values of the native machine word size are constant time, so the modified function will be constant time too. (Assuming the compiler doesn't, as an optimization, insert an early exit into the loop.)

    – Future Security
    May 10 at 15:40













  • 3





    Is that function used for anything other than comparing hashes?

    – forest
    May 9 at 2:12











  • no it is only used for comparing hashes

    – trampster
    May 9 at 2:14






  • 1





    On a side(-attack) note this code assumes that byte comparisons are constant time which isn't guaranteed. It's good that it probably doesn't matter.

    – JimmyJames
    May 9 at 16:06












  • For better (or worse), code gets copied around. In the current AspNetCore repo BinaryBlob there is a near-identical method that can be used to compare any byte[]. Just because the code you write isn't used for something right now doesn't mean it won't be misused later!

    – Carl Walsh
    May 9 at 23:35











  • You can use varName |= a[i] ^ b[i]; in the loop instead. Initialize the variable to zero. Finally, return varName == 0. The XOR of two values is zero if and only if the values are the same. Once you OR a non-zero value into varName, the set bits of the value |='d into varName will stay set. Bitwise operations on values of the native machine word size are constant time, so the modified function will be constant time too. (Assuming the compiler doesn't, as an optimization, insert an early exit into the loop.)

    – Future Security
    May 10 at 15:40








3




3





Is that function used for anything other than comparing hashes?

– forest
May 9 at 2:12





Is that function used for anything other than comparing hashes?

– forest
May 9 at 2:12













no it is only used for comparing hashes

– trampster
May 9 at 2:14





no it is only used for comparing hashes

– trampster
May 9 at 2:14




1




1





On a side(-attack) note this code assumes that byte comparisons are constant time which isn't guaranteed. It's good that it probably doesn't matter.

– JimmyJames
May 9 at 16:06






On a side(-attack) note this code assumes that byte comparisons are constant time which isn't guaranteed. It's good that it probably doesn't matter.

– JimmyJames
May 9 at 16:06














For better (or worse), code gets copied around. In the current AspNetCore repo BinaryBlob there is a near-identical method that can be used to compare any byte[]. Just because the code you write isn't used for something right now doesn't mean it won't be misused later!

– Carl Walsh
May 9 at 23:35





For better (or worse), code gets copied around. In the current AspNetCore repo BinaryBlob there is a near-identical method that can be used to compare any byte[]. Just because the code you write isn't used for something right now doesn't mean it won't be misused later!

– Carl Walsh
May 9 at 23:35













You can use varName |= a[i] ^ b[i]; in the loop instead. Initialize the variable to zero. Finally, return varName == 0. The XOR of two values is zero if and only if the values are the same. Once you OR a non-zero value into varName, the set bits of the value |='d into varName will stay set. Bitwise operations on values of the native machine word size are constant time, so the modified function will be constant time too. (Assuming the compiler doesn't, as an optimization, insert an early exit into the loop.)

– Future Security
May 10 at 15:40






You can use varName |= a[i] ^ b[i]; in the loop instead. Initialize the variable to zero. Finally, return varName == 0. The XOR of two values is zero if and only if the values are the same. Once you OR a non-zero value into varName, the set bits of the value |='d into varName will stay set. Bitwise operations on values of the native machine word size are constant time, so the modified function will be constant time too. (Assuming the compiler doesn't, as an optimization, insert an early exit into the loop.)

– Future Security
May 10 at 15:40











1 Answer
1






active

oldest

votes


















40














Assuming neither of the hashes are secret and the hashes are secure (which SHA-256 is), there is no reason to check the hash in constant time. In fact, comparing hashes is one of the well-known alternatives to verifying passwords within a constant time routine. I can't say what reason the developers would give for doing this, but it is not technically necessary to make it constant time. Most likely, they were just being cautious. Non-constant time code in a cryptographic library makes auditors anxious.



More information about the theoretical weaknesses is discussed in an answer on the Cryptography site. It explains how, with a significant amount of queries, it can be possible to discover the first several bytes of the hash, which makes it possible to perform an offline computation to discard candidate passwords that obviously wouldn't match (their hash doesn't match the first few discovered bytes of the real hash) and avoid sending them to the password checking service, and why this is unlikely to be a real issue.






share|improve this answer




















  • 36





    "Non-constant time code in a cryptographic library makes auditors anxious." - this! If the code is constant time, nobody has to fret about that side channel. If it not, you have to write a comment (or design note) explaining why it's not a problem.

    – Martin Bonner
    May 9 at 9:18











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);






trampster is a new contributor. Be nice, and check out our Code of Conduct.









draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f209807%2fwhy-should-password-hash-verification-be-time-constant%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









40














Assuming neither of the hashes are secret and the hashes are secure (which SHA-256 is), there is no reason to check the hash in constant time. In fact, comparing hashes is one of the well-known alternatives to verifying passwords within a constant time routine. I can't say what reason the developers would give for doing this, but it is not technically necessary to make it constant time. Most likely, they were just being cautious. Non-constant time code in a cryptographic library makes auditors anxious.



More information about the theoretical weaknesses is discussed in an answer on the Cryptography site. It explains how, with a significant amount of queries, it can be possible to discover the first several bytes of the hash, which makes it possible to perform an offline computation to discard candidate passwords that obviously wouldn't match (their hash doesn't match the first few discovered bytes of the real hash) and avoid sending them to the password checking service, and why this is unlikely to be a real issue.






share|improve this answer




















  • 36





    "Non-constant time code in a cryptographic library makes auditors anxious." - this! If the code is constant time, nobody has to fret about that side channel. If it not, you have to write a comment (or design note) explaining why it's not a problem.

    – Martin Bonner
    May 9 at 9:18















40














Assuming neither of the hashes are secret and the hashes are secure (which SHA-256 is), there is no reason to check the hash in constant time. In fact, comparing hashes is one of the well-known alternatives to verifying passwords within a constant time routine. I can't say what reason the developers would give for doing this, but it is not technically necessary to make it constant time. Most likely, they were just being cautious. Non-constant time code in a cryptographic library makes auditors anxious.



More information about the theoretical weaknesses is discussed in an answer on the Cryptography site. It explains how, with a significant amount of queries, it can be possible to discover the first several bytes of the hash, which makes it possible to perform an offline computation to discard candidate passwords that obviously wouldn't match (their hash doesn't match the first few discovered bytes of the real hash) and avoid sending them to the password checking service, and why this is unlikely to be a real issue.






share|improve this answer




















  • 36





    "Non-constant time code in a cryptographic library makes auditors anxious." - this! If the code is constant time, nobody has to fret about that side channel. If it not, you have to write a comment (or design note) explaining why it's not a problem.

    – Martin Bonner
    May 9 at 9:18













40












40








40







Assuming neither of the hashes are secret and the hashes are secure (which SHA-256 is), there is no reason to check the hash in constant time. In fact, comparing hashes is one of the well-known alternatives to verifying passwords within a constant time routine. I can't say what reason the developers would give for doing this, but it is not technically necessary to make it constant time. Most likely, they were just being cautious. Non-constant time code in a cryptographic library makes auditors anxious.



More information about the theoretical weaknesses is discussed in an answer on the Cryptography site. It explains how, with a significant amount of queries, it can be possible to discover the first several bytes of the hash, which makes it possible to perform an offline computation to discard candidate passwords that obviously wouldn't match (their hash doesn't match the first few discovered bytes of the real hash) and avoid sending them to the password checking service, and why this is unlikely to be a real issue.






share|improve this answer















Assuming neither of the hashes are secret and the hashes are secure (which SHA-256 is), there is no reason to check the hash in constant time. In fact, comparing hashes is one of the well-known alternatives to verifying passwords within a constant time routine. I can't say what reason the developers would give for doing this, but it is not technically necessary to make it constant time. Most likely, they were just being cautious. Non-constant time code in a cryptographic library makes auditors anxious.



More information about the theoretical weaknesses is discussed in an answer on the Cryptography site. It explains how, with a significant amount of queries, it can be possible to discover the first several bytes of the hash, which makes it possible to perform an offline computation to discard candidate passwords that obviously wouldn't match (their hash doesn't match the first few discovered bytes of the real hash) and avoid sending them to the password checking service, and why this is unlikely to be a real issue.







share|improve this answer














share|improve this answer



share|improve this answer








edited May 9 at 2:27

























answered May 9 at 2:17









forestforest

41.8k18136150




41.8k18136150







  • 36





    "Non-constant time code in a cryptographic library makes auditors anxious." - this! If the code is constant time, nobody has to fret about that side channel. If it not, you have to write a comment (or design note) explaining why it's not a problem.

    – Martin Bonner
    May 9 at 9:18












  • 36





    "Non-constant time code in a cryptographic library makes auditors anxious." - this! If the code is constant time, nobody has to fret about that side channel. If it not, you have to write a comment (or design note) explaining why it's not a problem.

    – Martin Bonner
    May 9 at 9:18







36




36





"Non-constant time code in a cryptographic library makes auditors anxious." - this! If the code is constant time, nobody has to fret about that side channel. If it not, you have to write a comment (or design note) explaining why it's not a problem.

– Martin Bonner
May 9 at 9:18





"Non-constant time code in a cryptographic library makes auditors anxious." - this! If the code is constant time, nobody has to fret about that side channel. If it not, you have to write a comment (or design note) explaining why it's not a problem.

– Martin Bonner
May 9 at 9:18










trampster is a new contributor. Be nice, and check out our Code of Conduct.









draft saved

draft discarded


















trampster is a new contributor. Be nice, and check out our Code of Conduct.












trampster is a new contributor. Be nice, and check out our Code of Conduct.











trampster is a new contributor. Be nice, and check out our Code of Conduct.














Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f209807%2fwhy-should-password-hash-verification-be-time-constant%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Category:9 (number) SubcategoriesMedia in category "9 (number)"Navigation menuUpload mediaGND ID: 4485639-8Library of Congress authority ID: sh85091979ReasonatorScholiaStatistics

Image
Natural numbersSquare numbersCategories requiring diffusion Help Category:9 (number) From Wikimedia Commons, the free media repository Jump to navigation Jump to search number: 9 (nine) instance of: natural number, deficient number, square number, composite number, odd number, centered cube number, centered octagonal number and nonagonal number other integers: -8 • -4 • -2 • -1 • 0 • 1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 • 10 • 11 • 12 • 13 • 14 • 15 • 16 • 17 • 18 • 19 • 20 • 21 • 22 • 23 • 24 • 25 • 26 • 27 • 28 • 29 -20 • 0 • 10 • 20 • 30 • 40 • 50 • 60 • 70 • 80 • 90 • 100 • 110 • 120 • 130 • 140 • 150 • 160 • 170 • 180 • 190 • 200 This category has become too crowded. It should list very few images directly. Files should be moved to subcategories where appropriate. New subcategories can be created. Some files need to be moved elsewhere. Search for more categories: fulltext, Main Page, topics, meta categories. Please remove or replace this tag
Read more

Circuit construction for execution of conditional statements using least significant bitHow are two different registers being used as “control”?How exactly is the stated composite state of the two registers being produced using the $R_zz$ controlled rotations?Efficiently performing controlled rotations in HHLWould this quantum algorithm implementation work?How to prepare a superposed states of odd integers from $1$ to $sqrtN$?Why is this implementation of the order finding algorithm not working?Circuit construction for Hamiltonian simulationHow can I invert the least significant bit of a certain term of a superposed state?Implementing an oracleImplementing a controlled sum operation

Image
How to attach cable mounting points to a bicycle frame? Is Jon Snow the last of his House? A steel cutting sword? I know that there is a preselected candidate for a position to be filled at my department. What should I do? Is the field of q-series 'dead'? How to cut a climbing rope? Do photons bend spacetime or not? Where have Brexit voters gone? Is it legal to have an abortion in another state or abroad? Did this character show any indication of wanting to rule before S8E6? How to respond to upset student? Compaq Portable vs IBM 5155 Portable PC Is the Indo-European language family made up? Can I summon an otherworldly creature with the Gate spell without knowing its true name? USPS Back Room - Trespassing? Can my floppy disk still work without a shutter spring? Alternatives to achieve certain output format Are black holes spherical during merger? Can the product of any two aperiodic functions which are defined on the entire number line be p
Read more

Magento 2 “No Payment Methods” in Admin New OrderHow to integrate Paypal Express Checkout with the Magento APIMagento 1.5 - Sales > Order > edit order and shipping methods disappearAuto Invoice Check/Money Order Payment methodAdd more simple payment methods?Shipping methods not showingWhat should I do to change payment methods if changing the configuration has no effects?1.9 - No Payment Methods showing upMy Payment Methods not Showing for downloadable/virtual product when checkout?Magento2 API to access internal payment methodHow to call an existing payment methods in the registration form?

Image
What is the meaning of [[:space:]] in bash? Is this artwork (used in a video game) real? What happens on Day 6? Link of a singularity Should I be able to keep my company purchased standing desk when I leave my job? Alternator dying so junk car? A scene of Jimmy diversity Is the Gritty Realism variant incompatible with dungeon-based adventures? What could be reasoning of male prison in VR world to only allow undershirt and sarong as nightwear to male prisoners Why does FFmpeg choose 10+20+20 ms instead of an even 16 ms for 60 fps GIF images? Sending a photo of my bank account card to the future employer Advice for paying off student loans and auto loans now that I have my first 'real' job If I stood next to a piece of metal heated to a million degrees, but in a perfect vacuum, would I feel hot? What made Windows ME so crash-prone? Can a dragon's breath weapon pass through Leomund's Tiny Hut? Did 007 exist before James Bond? Is there a sour
Read more