Author: ieb Date: Thu Oct 10 09:08:40 2013 New Revision: 1530885 URL: http://svn.apache.org/r1530885 Log: SLING-3154 Add Topology Message Verification to the Discovery service.
Encryption key generation was too slow at 151ms, now 2ms. Reduced the number of hashes. Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java?rev=1530885&r1=1530884&r2=1530885&view=diff ============================================================================== --- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java (original) +++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java Thu Oct 10 09:08:40 2013 @@ -457,7 +457,9 @@ public class TopologyRequestValidator { */ private Key getCiperKey(byte[] salt) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException { SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); - KeySpec spec = new PBEKeySpec(sharedKey.toCharArray(),salt, 65536, 128); + // hashing the password 65K times takes 151ms, hashing 256 times takes 2ms. + // Since the salt has 2^^72 values, 256 times is probably good enough. + KeySpec spec = new PBEKeySpec(sharedKey.toCharArray(), salt, 256, 128); SecretKey tmp = factory.generateSecret(spec); SecretKey key = new SecretKeySpec(tmp.getEncoded(), "AES"); return key;