Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 23:31:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,059 Commits 33 Branches 337 Tags
Commit Graph

157 Commits

Author SHA1 Message Date
Luke Taylor
50828cdd43 SEC-1689: Move crypto module code to core for simplicity. 2011-03-10 18:58:47 +00:00
Rob Winch
8c08eeb57b SEC-1666: Use constant time comparison for sensitive data. 
Constant time comparison helps to mitigate timing attacks. See the following link for more information

 * http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
 * http://en.wikipedia.org/wiki/Timing_attack for more information.
 2011-01-31 23:03:51 -06:00
Rob Winch
2e822e9abe SEC-1659: Ensure that Digester is returning digest(digest(value)...) instead of digesting the same value multiple times. 
Make it so that the Digester returns digest(digest(value)...) instead of digesting the same value multiple times. This
alligns with the OWASP recommendations at http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack
 2011-01-30 22:30:01 -06:00
Luke Taylor
162cb64baa SEC-1659: Label crypto utils package as only for internal use. 2011-01-19 18:19:58 +00:00
Keith Donald
b646e44646 SEC-1659: fixed bundlor step of build 2011-01-19 18:17:03 +00:00
Keith Donald
ea76efdb2c SEC-1659: favor AES encryption instead of DES as standard symmetric encryption algorithm 2011-01-19 18:17:02 +00:00
Keith Donald
ffa7301e7f SEC-1569: initial commit of spring-security-crypto module, consisting of encrypt, keygen, password, and util packages 2011-01-19 18:17:02 +00:00