spring-security

Commit Graph

Author	SHA1	Message	Date
Luke Taylor	743960d2d8	SEC-2122: Fix broken integration tests. Modified BCryptPasswordEncoder to no longer throw an IllegalArgumentException when the encoded password is empty or the incorrect format for bcrypt. Instead it now logs a warning that non bcrypt data was found. The Dms integration tests were failing after being changed to use bcrypt and this fixes the issue.	13 years ago
Luke Taylor	d6524feb62	SEC-2122: Change doc to prioritize bcrypt use	13 years ago
Rob Winch	a6bded86c2	SEC-1990: Polishing code cleanup on BCrypt - Formatting - Renamed test to be BCryptTests to better align with Spring Security's naming conventions	14 years ago
Joseph Walton	14a5135ac3	SEC-1990: Clean up jBCrypt and include its tests. Merge in changes from jBCrypt. - Use a ByteArrayOutputStream to cache bytes. - Pass a StringBuilder into encode_base64. - Refactor string comparison into its own method. - General clean up.	14 years ago
Luke Taylor	3760d792ea	SEC-1890: Add checks for validity of stored bcrypt hash When checking for a match, the BCryptPasswordEncoder validates the stored hash against a pattern to check that it actually is a bcrypt value.	14 years ago
Dave Syer	8565116f20	SEC-1472: Add crypto wrappers for BCrypt	14 years ago
Luke Taylor	45d938566c	Some tests for Base64 encoding.	15 years ago
Luke Taylor	89b7b2b935	SEC-1764: Remove use of Java 6 method Arrays.copyOfRange.	15 years ago
Luke Taylor	e27f655e9d	SEC-1689: Re-instate crypto as separate library (for use in non-Spring Security apps), as well as packaging with core.	15 years ago
Luke Taylor	50828cdd43	SEC-1689: Move crypto module code to core for simplicity.	15 years ago
Rob Winch	8c08eeb57b	SEC-1666: Use constant time comparison for sensitive data. Constant time comparison helps to mitigate timing attacks. See the following link for more information * http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/ * http://en.wikipedia.org/wiki/Timing_attack for more information.	15 years ago
Rob Winch	2e822e9abe	SEC-1659: Ensure that Digester is returning digest(digest(value)...) instead of digesting the same value multiple times. Make it so that the Digester returns digest(digest(value)...) instead of digesting the same value multiple times. This alligns with the OWASP recommendations at http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack	15 years ago
Luke Taylor	162cb64baa	SEC-1659: Label crypto utils package as only for internal use.	15 years ago
Keith Donald	b646e44646	SEC-1659: fixed bundlor step of build	15 years ago
Keith Donald	ea76efdb2c	SEC-1659: favor AES encryption instead of DES as standard symmetric encryption algorithm	15 years ago
Keith Donald	ffa7301e7f	SEC-1569: initial commit of spring-security-crypto module, consisting of encrypt, keygen, password, and util packages	15 years ago

16 Commits (8fed90c26ca9dcda643fd7dee4ef2c475ad1fb79)