16 Commits

Author SHA1 Message Date
Gabriele C.
90be2af901 Update usage of deprecated org.junit.Assert.assertThat 2024-04-26 02:06:39 +02:00
ljacqu
d55b4bb3b5 #1561 Fix timing attacks by comparing hashes in constant time (#1563)
* #1561 Fix timing attacks by comparing hashes in constant time

* #1561 Fix timing attacks in phpBB fallback hashes
- As noted by @games647
2018-04-22 21:27:38 +02:00
Alexandre Vanhecke
8fe92da119 #1150 - Add Argon2 support
- Add argon2 implementation

- Extract argon2 library check to method on Argon 2
- Add link to Wiki page on errors
- Check within Argon2Test if the test cases should be run, not in the abstract parent
2017-10-23 00:10:48 +02:00
ljacqu
b211c97395 Minor: delete PlainText implementation
- It never gets used anymore and could cause security issues if we did accidentally use it as EncryptionMethod
2017-10-22 09:27:03 +02:00
ljacqu
ea824ea3f0 #1016 Update hash algorithms list, add test that Deprecated annotation is in sync between enum and hash impl. class 2017-10-19 21:52:55 +02:00
ljacqu
c803822fa8 #1188 Create and keep encryption method instance (#1191)
- Avoid creating the same object over and over; instead keep it and only change it on settings reload
2017-04-30 17:41:51 +02:00
ljacqu
79a3858b29 #685 Allow to configure number of rounds for PBKDF2 2016-11-26 18:41:04 +01:00
ljacqu
19de5a0525 Close #449 Rename NewSetting class to Settings :) 2016-07-23 15:50:40 +02:00
ljacqu
9a91156000 #835 Replace injector classes with ones from ch.jalu.injector project 2016-07-17 21:50:48 +02:00
ljacqu
8f5817883e Testing - check return value of Set#add instead of separately checking Set#contains 2016-07-03 11:47:37 +02:00
ljacqu
d6e1fd5ceb Use injection in and for LimboCache, migrate some legacy settings, remove setGroup from Utils
- New injector method allows to retrieve services if they've already been instantiated -> useful for onDisable() which might be run after aborted initialization
- Deprecate various methods that need to be removed
2016-06-12 16:14:34 +02:00
ljacqu
3c6415a6a4 #432 Use injector instantiate hash algorithms 2016-04-30 12:17:18 +02:00
ljacqu
a78e0408c6 #449 Remove use of legacy settings in encryption methods 2016-04-23 12:46:30 +02:00
ljacqu
c0a393b8b3 Minor - rename EncryptedPassword to HashedPassword
- We hash passwords; we don't encrypt them
2015-12-30 22:51:59 +01:00
ljacqu
a3402d573f #358 Handle hash + salt as one "unit"
- Rename HashResult to EncryptedPassword to reflect its broader use
- Use EncryptedPassword in methods that require the hash and the salt, instead of passing them as strings separately
- Store EncryptedPassword as field in PlayerAuth; updatePassword() thus processes the entire data in the EncryptedPassword object
2015-12-30 17:56:22 +01:00
ljacqu
922082f312 #364 Add HashAlgorithm integration test, fix failing tests
- Create integration test for the HashAlgorithm enum
- Create AsciiRestricted annotation and make test aware of it
- Add option to skip "same hash for same salt" test (for wordpress)
- Change some EncryptionMethods to extend from a common superclass
2015-12-29 13:29:26 +01:00