cloudstack-dev mailing list archives

From "Chiradeep Vittal" <chirade...@gmail.com>
Subject Re: Review Request 13252: SHA256 timing attack and brute force attack fix
Date Wed, 07 Aug 2013 19:19:20 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/13252/#review24818
-----------------------------------------------------------

Ship it!


Ship It!

- Chiradeep Vittal


On Aug. 7, 2013, 7:01 p.m., Amogh Vasekar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/13252/
> -----------------------------------------------------------
> 
> (Updated Aug. 7, 2013, 7:01 p.m.)
> 
> 
> Review request for cloudstack and John Kinsella.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/CLOUDSTACK-2312 and https://issues.apache.org/jira/browse/CLOUDSTACK-2314
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> -------
> 
> 1. Fix timing attack by using a constant-time comparison function
> 2. Increase salt size
> 3. Make flow for invalid user go through full normal execution using a fake password and salt
> 
> 
> Diffs
> -----
> 
>   plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java da939273ea10bff3b2687c9684edf8a5d0ab4b2e 
>   plugins/user-authenticators/sha256salted/test/src/com/cloud/server/auth/test/AuthenticatorTest.java 4e23d14fe43b4e334203f48196aced038ca0a196 
> 
> Diff: https://reviews.apache.org/r/13252/diff/
> 
> 
> Testing
> -------
> 
> Local environment
> 
> 
> Thanks,
> 
> Amogh Vasekar
> 
>

