
Commit 55a7693

committed
Added XOR compare passwords method
1 parent 69daaf1 commit 55a7693

2 files changed

Lines changed: 35 additions & 3 deletions


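--- a/crypto-java/src/main/java/de/dominikschadow/javasecurity/hash/PBKDF2HashSample.java
+++ b/crypto-java/src/main/java/de/dominikschadow/javasecurity/hash/PBKDF2HashSample.java
@@ -39,7 +39,7 @@
 public class PBKDF2HashSample {
 private static final Logger logger = LoggerFactory.getLogger(PBKDF2HashSample.class);
 private static final String ALGORITHM = "PBKDF2WithHmacSHA1";
-private static final int ITERATIONS = 100000;
+private static final int ITERATIONS = 1000000;
 private static final int SALT_SIZE = 24;
 private static final int HASH_SIZE = 192;
 
@@ -82,6 +82,22 @@ private boolean verifyPassword(byte[] originalHash, String password, byte[] salt
 logger.info("hash 1: {}", BaseEncoding.base64().encode(originalHash));
 logger.info("hash 2: {}", BaseEncoding.base64().encode(comparisonHash));
 
-return Arrays.equals(originalHash, comparisonHash);
+return comparePasswords(originalHash, comparisonHash);
+}
+
+/**
+ * Compares the two byte arrays in length-constant time using XOR.
+ *
+ * @param originalHash The original password hash
+ * @param comparisonHash The comparison password hash
+ * @return True if both match, false otherwise
+ */
+private boolean comparePasswords(byte[] originalHash, byte[] comparisonHash) {
+int diff = originalHash.length ^ comparisonHash.length;
+for (int i = 0; i < originalHash.length && i < comparisonHash.length; i++) {
+diff |= originalHash[i] ^ comparisonHash[i];
+}
+
+return diff == 0;
 }
 }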
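Review bot: comparePasswords (new lines 95–101, and the identical copy added to SHA512HashSample.java in this commit) hand-rolls a comparison the JDK already ships: `java.security.MessageDigest.isEqual(byte[], byte[])` has been constant-time since Java 6u17, so the verifyPassword return can simply be `return MessageDigest.isEqual(originalHash, comparisonHash);` (adding `import java.security.MessageDigest;` if the file lacks it) and the private helper dropped from both classes, which also removes the duplicated code. If the hand-rolled version is kept as a teaching sample, its Javadoc should say that, unlike the `Arrays.equals` it replaces, it throws NullPointerException on a null argument. Separately, the first hunk raises ITERATIONS from 100000 to 1000000, a tenfold increase in CPU cost for every hash and every verification that the commit message does not mention; it deserves a line in the message or its own commit. verifyPassword's body begins outside the hunk.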

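--- a/crypto-java/src/main/java/de/dominikschadow/javasecurity/hash/SHA512HashSample.java
+++ b/crypto-java/src/main/java/de/dominikschadow/javasecurity/hash/SHA512HashSample.java
@@ -88,6 +88,22 @@ private boolean verifyPassword(byte[] originalHash, String password, byte[] salt
 logger.info("hash 1: {}", BaseEncoding.base64().encode(originalHash));
 logger.info("hash 2: {}", BaseEncoding.base64().encode(comparisonHash));
 
-return Arrays.equals(originalHash, comparisonHash);
+return comparePasswords(originalHash, comparisonHash);
+}
+
+/**
+ * Compares the two byte arrays in length-constant time using XOR.
+ *
+ * @param originalHash The original password hash
+ * @param comparisonHash The comparison password hash
+ * @return True if both match, false otherwise
+ */
+private boolean comparePasswords(byte[] originalHash, byte[] comparisonHash) {
+int diff = originalHash.length ^ comparisonHash.length;
+for (int i = 0; i < originalHash.length && i < comparisonHash.length; i++) {
+diff |= originalHash[i] ^ comparisonHash[i];
+}
+
+return diff == 0;
 }
 }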
