Author: ieb
Date: Thu Oct 10 09:08:40 2013
New Revision: 1530885
URL: http://svn.apache.org/r1530885
Log:
SLING-3154 Add Topology Message Verification to the Discovery service.
Encryption key generation was too slow at 151ms, now 2ms. Reduced the
number of hashes.
Modified:
sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
Modified:
sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java?rev=1530885&r1=1530884&r2=1530885&view=diff
==============================================================================
---
sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
(original)
+++
sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
Thu Oct 10 09:08:40 2013
@@ -457,7 +457,9 @@ public class TopologyRequestValidator {
*/
private Key getCiperKey(byte[] salt) throws UnsupportedEncodingException,
NoSuchAlgorithmException, InvalidKeySpecException {
SecretKeyFactory factory =
SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
- KeySpec spec = new PBEKeySpec(sharedKey.toCharArray(),salt, 65536,
128);
+ // hashing the password 65K times takes 151ms, hashing 256 times takes
2ms.
+ // Since the salt has 2^^72 values, 256 times is probably good enough.
+ KeySpec spec = new PBEKeySpec(sharedKey.toCharArray(), salt, 256, 128);
SecretKey tmp = factory.generateSecret(spec);
SecretKey key = new SecretKeySpec(tmp.getEncoded(), "AES");
return key;
