----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/13252/#review24818 -----------------------------------------------------------
Ship it! Ship It! - Chiradeep Vittal On Aug. 7, 2013, 7:01 p.m., Amogh Vasekar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/13252/ > ----------------------------------------------------------- > > (Updated Aug. 7, 2013, 7:01 p.m.) > > > Review request for cloudstack and John Kinsella. > > > Bugs: https://issues.apache.org/jira/browse/CLOUDSTACK-2312 and > https://issues.apache.org/jira/browse/CLOUDSTACK-2314 > > > Repository: cloudstack-git > > > Description > ------- > > 1. Fix timing attack by using a constant-time comparison function > 2. Increase salt size > 3. Make flow for invalid user go through full normal execution using a fake > password and salt > > > Diffs > ----- > > > plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java > da939273ea10bff3b2687c9684edf8a5d0ab4b2e > > plugins/user-authenticators/sha256salted/test/src/com/cloud/server/auth/test/AuthenticatorTest.java > 4e23d14fe43b4e334203f48196aced038ca0a196 > > Diff: https://reviews.apache.org/r/13252/diff/ > > > Testing > ------- > > Local environment > > > Thanks, > > Amogh Vasekar > >
