----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/13252/ -----------------------------------------------------------
Review request for cloudstack and John Burwell. Bugs: https://issues.apache.org/jira/browse/CLOUDSTACK-2312 and https://issues.apache.org/jira/browse/CLOUDSTACK-2314 Repository: cloudstack-git Description ------- 1. Fix timing attack by using a constant-time comparison function 2. Increase salt size 3. Make flow for invalid user go through full normal execution using a fake password and salt Diffs ----- plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java da93927 plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java da93927 Diff: https://reviews.apache.org/r/13252/diff/ Testing ------- Local environment Thanks, Amogh Vasekar
