org.apache.ftpserver.util

Class PasswordUtil

java.lang.Object

org.apache.ftpserver.util.PasswordUtil

public class PasswordUtil
extends Object

Constructor Summary

Constructors

Constructor and Description
PasswordUtil()

Method Summary

Modifier and Type	Method and Description
static boolean	secureCompare(String input, String password, int loops) Securely compares two strings up to a maximum number of characters in a way that obscures the password length from timing attacks
static boolean	secureCompareFast(String input, String password) Securely compares two strings forcing the number of loops equal to password length thereby obscuring the password length based on user input

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PasswordUtil

public PasswordUtil()

Method Detail

secureCompare

public static boolean secureCompare(String input,
                                    String password,
                                    int loops)

Securely compares two strings up to a maximum number of characters in a way that obscures the password length from timing attacks

Parameters:

input - user input

password - correct password

loops - number of characters to compare; must be larger than password length; 1024 is a good number

Returns:

true if the passwords match

Throws:

IllegalArgumentException - when the limit is less than the password length

secureCompareFast

public static boolean secureCompareFast(String input,
                                        String password)

Securely compares two strings forcing the number of loops equal to password length thereby obscuring the password length based on user input

Parameters:

input - user input

password - correct password

Returns:

true if the passwords match

Throws:

IllegalArgumentException - when the limit is less than the password length