GitHub-Spring/spring-security - spring-security - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
Rob Winch	8c08eeb57b	SEC-1666: Use constant time comparison for sensitive data. Constant time comparison helps to mitigate timing attacks. See the following link for more information * http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/ * http://en.wikipedia.org/wiki/Timing_attack for more information.	15 years ago
Rob Winch	2e822e9abe	SEC-1659: Ensure that Digester is returning digest(digest(value)...) instead of digesting the same value multiple times. Make it so that the Digester returns digest(digest(value)...) instead of digesting the same value multiple times. This alligns with the OWASP recommendations at http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack	15 years ago
Luke Taylor	6b1b012e2c	Added check for maximum AES key size in crypto.gradle to skip tests if limited strength crypto policy files are in place.	15 years ago
Luke Taylor	594f6694bb	Add logging of jdk version to crypto build file	15 years ago
Luke Taylor	d686f64f26	Skip EncryptorsTests when using <JDK 1.6 as AES isn't available	15 years ago
Luke Taylor	162cb64baa	SEC-1659: Label crypto utils package as only for internal use.	15 years ago
Keith Donald	b646e44646	SEC-1659: fixed bundlor step of build	15 years ago
Keith Donald	ea76efdb2c	SEC-1659: favor AES encryption instead of DES as standard symmetric encryption algorithm	15 years ago
Keith Donald	ffa7301e7f	SEC-1569: initial commit of spring-security-crypto module, consisting of encrypt, keygen, password, and util packages	15 years ago