Meishin/LoginSystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,110 Commits 10 Branches 53 Tags
Commit Graph

16 Commits

Author SHA1 Message Date
Gabriele C.
90be2af901 Update usage of deprecated org.junit.Assert.assertThat 2024-04-26 02:06:39 +02:00
ljacqu
d55b4bb3b5 #1561 Fix timing attacks by comparing hashes in constant time (#1563) 
* #1561 Fix timing attacks by comparing hashes in constant time

* #1561 Fix timing attacks in phpBB fallback hashes
- As noted by @games647
 2018-04-22 21:27:38 +02:00
Alexandre Vanhecke
8fe92da119 #1150 - Add Argon2 support 
- Add argon2 implementation

- Extract argon2 library check to method on Argon 2
- Add link to Wiki page on errors
- Check within Argon2Test if the test cases should be run, not in the abstract parent
 2017-10-23 00:10:48 +02:00
ljacqu
b211c97395 Minor: delete PlainText implementation 
- It never gets used anymore and could cause security issues if we did accidentally use it as EncryptionMethod
 2017-10-22 09:27:03 +02:00
ljacqu
ea824ea3f0 #1016 Update hash algorithms list, add test that Deprecated annotation is in sync between enum and hash impl. class 2017-10-19 21:52:55 +02:00
ljacqu
c803822fa8 #1188 Create and keep encryption method instance (#1191) 
- Avoid creating the same object over and over; instead keep it and only change it on settings reload
 2017-04-30 17:41:51 +02:00
ljacqu
79a3858b29 #685 Allow to configure number of rounds for PBKDF2 2016-11-26 18:41:04 +01:00
ljacqu
19de5a0525 Close #449 Rename NewSetting class to Settings :) 2016-07-23 15:50:40 +02:00
ljacqu
9a91156000 #835 Replace injector classes with ones from ch.jalu.injector project 2016-07-17 21:50:48 +02:00
ljacqu
8f5817883e Testing - check return value of Set#add instead of separately checking Set#contains 2016-07-03 11:47:37 +02:00
ljacqu
d6e1fd5ceb Use injection in and for LimboCache, migrate some legacy settings, remove setGroup from Utils 
- New injector method allows to retrieve services if they've already been instantiated -> useful for onDisable() which might be run after aborted initialization
- Deprecate various methods that need to be removed
 2016-06-12 16:14:34 +02:00
ljacqu
3c6415a6a4 #432 Use injector instantiate hash algorithms 2016-04-30 12:17:18 +02:00
ljacqu
a78e0408c6 #449 Remove use of legacy settings in encryption methods 2016-04-23 12:46:30 +02:00
ljacqu
c0a393b8b3 Minor - rename EncryptedPassword to HashedPassword 
- We hash passwords; we don't encrypt them
 2015-12-30 22:51:59 +01:00
ljacqu
a3402d573f #358 Handle hash + salt as one "unit" 
- Rename HashResult to EncryptedPassword to reflect its broader use
- Use EncryptedPassword in methods that require the hash and the salt, instead of passing them as strings separately
- Store EncryptedPassword as field in PlayerAuth; updatePassword() thus processes the entire data in the EncryptedPassword object
 2015-12-30 17:56:22 +01:00
ljacqu
922082f312 #364 Add HashAlgorithm integration test, fix failing tests 
- Create integration test for the HashAlgorithm enum
- Create AsciiRestricted annotation and make test aware of it
- Add option to skip "same hash for same salt" test (for wordpress)
- Change some EncryptionMethods to extend from a common superclass
 2015-12-29 13:29:26 +01:00