prevent timing attacks by using a time-constant comparison algorithm

Athou
2014-08-13 17:08:42 +02:00
parent fa212e0911
commit 62a8e8c119


@@ -1,10 +1,10 @@
package com.commafeed.backend.service;
import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
@@ -30,7 +30,7 @@ public class PasswordEncryptionService implements Serializable {
// Authentication succeeds if encrypted password that the user entered
// is equal to the stored hash
return Arrays.equals(encryptedPassword, encryptedAttemptedPassword);
return MessageDigest.isEqual(encryptedPassword, encryptedAttemptedPassword);
}
public byte[] getEncryptedPassword(String password, byte[] salt) {
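Review bot: The comment on the two lines above the changed `return` still only says what the check does, not why `MessageDigest.isEqual` was chosen over `Arrays.equals`, so a later "simplification" could silently revert the fix; the reason belongs next to the call, e.g. `// MessageDigest.isEqual compares every byte regardless of mismatches; Arrays.equals returns on the first differing byte and leaks how much of the hash matched.` Note that `MessageDigest.isEqual` still returns early when the two arrays differ in length, so the constant-time property only holds when both hashes have the same fixed length — which should be the case if `getEncryptedPassword` always derives keys of one length, but that method's body is outside this hunk. The enclosing method begins before the hunk.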