prevent timing attacks by using a time-constant comparison algorithm

Athou
2014-08-13 17:08:42 +02:00
parent fa212e0911
commit 62a8e8c119


@@ -1,10 +1,10 @@
package com.commafeed.backend.service; package com.commafeed.backend.service;
import java.io.Serializable; import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.spec.KeySpec; import java.security.spec.KeySpec;
import java.util.Arrays;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory; import javax.crypto.SecretKeyFactory;
@@ -30,7 +30,7 @@ public class PasswordEncryptionService implements Serializable {
// Authentication succeeds if encrypted password that the user entered // Authentication succeeds if encrypted password that the user entered
// is equal to the stored hash // is equal to the stored hash
return Arrays.equals(encryptedPassword, encryptedAttemptedPassword); return MessageDigest.isEqual(encryptedPassword, encryptedAttemptedPassword);
} }
public byte[] getEncryptedPassword(String password, byte[] salt) { public byte[] getEncryptedPassword(String password, byte[] salt) {