Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,513 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

13 Commits

Author SHA1 Message Date
Luke Taylor 45d938566c Some tests for Base64 encoding. 2011-08-12 19:44:27 +01:00
Luke Taylor 89b7b2b935 SEC-1764: Remove use of Java 6 method Arrays.copyOfRange. 2011-06-15 11:22:17 +01:00
Luke Taylor e27f655e9d SEC-1689: Re-instate crypto as separate library (for use in non-Spring Security apps), as well as packaging with core. 2011-06-10 00:01:25 +01:00
Luke Taylor 50828cdd43 SEC-1689: Move crypto module code to core for simplicity. 2011-03-10 18:58:47 +00:00
Rob Winch 8c08eeb57b SEC-1666: Use constant time comparison for sensitive data. 
Constant time comparison helps to mitigate timing attacks. See the following link for more information

 * http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
 * http://en.wikipedia.org/wiki/Timing_attack for more information.
 2011-01-31 23:03:51 -06:00
Rob Winch 2e822e9abe SEC-1659: Ensure that Digester is returning digest(digest(value)...) instead of digesting the same value multiple times. 
Make it so that the Digester returns digest(digest(value)...) instead of digesting the same value multiple times. This
alligns with the OWASP recommendations at http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack
 2011-01-30 22:30:01 -06:00
Luke Taylor 6b1b012e2c Added check for maximum AES key size in crypto.gradle to skip tests if limited strength crypto policy files are in place. 2011-01-20 02:13:33 +00:00
Luke Taylor 594f6694bb Add logging of jdk version to crypto build file 2011-01-20 01:31:30 +00:00
Luke Taylor d686f64f26 Skip EncryptorsTests when using <JDK 1.6 as AES isn't available 2011-01-19 23:43:13 +00:00
Luke Taylor 162cb64baa SEC-1659: Label crypto utils package as only for internal use. 2011-01-19 18:19:58 +00:00
Keith Donald b646e44646 SEC-1659: fixed bundlor step of build 2011-01-19 18:17:03 +00:00
Keith Donald ea76efdb2c SEC-1659: favor AES encryption instead of DES as standard symmetric encryption algorithm 2011-01-19 18:17:02 +00:00
Keith Donald ffa7301e7f SEC-1569: initial commit of spring-security-crypto module, consisting of encrypt, keygen, password, and util packages 2011-01-19 18:17:02 +00:00