Module com.aoapps.security
Package com.aoapps.security

Class SecurityUtil

java.lang.Object
com.aoapps.security.SecurityUtil
public final class SecurityUtil extends Object
https://crackstation.net/hashing-security.htm
Author:
AO Industries, Inc.

  • Method Summary

    Modifier and Type
    Method
    Description
    static boolean
    slowAllZero(byte[] a)
    Compares if a byte array is all-zero in length-constant time.
    static boolean
    slowAllZero(char[] a)
    Compares if a char array is all-zero in length-constant time.
    static boolean
    slowEquals(byte[] a, byte[] b)
    Compares two byte arrays in length-constant time.
    static boolean
    slowEquals(char[] a, char[] b)
    Compares two char arrays in length-constant time.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • slowEquals

      public static boolean slowEquals(byte[] a, byte[] b)
      Compares two byte arrays in length-constant time. This comparison method is used so that password hashes cannot be extracted from an on-line system using a timing attack and then attacked off-line. https://crackstation.net/hashing-security.htm
      Parameters:
      a - the first byte array
      b - the second byte array
      Returns:
      true if both byte arrays are the same, false if not

    • slowEquals

      public static boolean slowEquals(char[] a, char[] b)
      Compares two char arrays in length-constant time. This comparison method is used so that password hashes cannot be extracted from an on-line system using a timing attack and then attacked off-line. https://crackstation.net/hashing-security.htm
      Parameters:
      a - the first char array
      b - the second char array
      Returns:
      true if both char arrays are the same, false if not

    • slowAllZero

      public static boolean slowAllZero(byte[] a)
      Compares if a byte array is all-zero in length-constant time. This comparison method is used so that password hashes cannot be extracted from an on-line system using a timing attack and then attacked off-line. https://crackstation.net/hashing-security.htm
      Parameters:
      a - the byte array
      Returns:
      true if byte arrays is all zeroes, false if not

    • slowAllZero

      public static boolean slowAllZero(char[] a)
      Compares if a char array is all-zero in length-constant time. This comparison method is used so that password hashes cannot be extracted from an on-line system using a timing attack and then attacked off-line. https://crackstation.net/hashing-security.htm
      Parameters:
      a - the char array
      Returns:
      true if char arrays is all zeroes, false if not