java.lang.Object
com.aoapps.security.SecurityUtil
- Author:
- AO Industries, Inc.
-
Method Summary
Modifier and TypeMethodDescriptionstatic boolean
slowAllZero
(byte[] a) Compares if a byte array is all-zero in length-constant time.static boolean
slowAllZero
(char[] a) Compares if a char array is all-zero in length-constant time.static boolean
slowEquals
(byte[] a, byte[] b) Compares two byte arrays in length-constant time.static boolean
slowEquals
(char[] a, char[] b) Compares two char arrays in length-constant time.
-
Method Details
-
slowEquals
public static boolean slowEquals(byte[] a, byte[] b) Compares two byte arrays in length-constant time. This comparison method is used so that password hashes cannot be extracted from an on-line system using a timing attack and then attacked off-line. https://crackstation.net/hashing-security.htm- Parameters:
a
- the first byte arrayb
- the second byte array- Returns:
- true if both byte arrays are the same, false if not
-
slowEquals
public static boolean slowEquals(char[] a, char[] b) Compares two char arrays in length-constant time. This comparison method is used so that password hashes cannot be extracted from an on-line system using a timing attack and then attacked off-line. https://crackstation.net/hashing-security.htm- Parameters:
a
- the first char arrayb
- the second char array- Returns:
- true if both char arrays are the same, false if not
-
slowAllZero
public static boolean slowAllZero(byte[] a) Compares if a byte array is all-zero in length-constant time. This comparison method is used so that password hashes cannot be extracted from an on-line system using a timing attack and then attacked off-line. https://crackstation.net/hashing-security.htm- Parameters:
a
- the byte array- Returns:
- true if byte arrays is all zeroes, false if not
-
slowAllZero
public static boolean slowAllZero(char[] a) Compares if a char array is all-zero in length-constant time. This comparison method is used so that password hashes cannot be extracted from an on-line system using a timing attack and then attacked off-line. https://crackstation.net/hashing-security.htm- Parameters:
a
- the char array- Returns:
- true if char arrays is all zeroes, false if not
-