Welcome to the Linux Foundation Forum!

Constant Time Algorithms for Java

Hi David,

Just working through the Constant Time Algorithms section of the course, I came across an incorrect statement regarding Java library support for it. The name of the Java method that performs constant-time equality checking for digests is MessageDigest::isEqual see https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte[],byte[]) (the page names it equals).

There is also a Google Guava method HashCode::equals whose documentation explicitly states it is intended to protect against timing attacks, see https://github.com/google/guava/blob/master/guava/src/com/google/common/hash/HashCode.java#L371.

Best regards,

Simon

Comments

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training