You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by ie...@apache.org on 2013/10/10 11:08:40 UTC

svn commit: r1530885 - /sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java

Author: ieb
Date: Thu Oct 10 09:08:40 2013
New Revision: 1530885

URL: http://svn.apache.org/r1530885
Log:
SLING-3154 Add Topology Message Verification to the Discovery service.

Encryption key generation was too slow at 151ms, now 2ms. Reduced the
number of hashes.

Modified:
    sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java

Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java?rev=1530885&r1=1530884&r2=1530885&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java Thu Oct 10 09:08:40 2013
@@ -457,7 +457,9 @@ public class TopologyRequestValidator {
      */
     private Key getCiperKey(byte[] salt) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException {
         SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
-        KeySpec spec = new PBEKeySpec(sharedKey.toCharArray(),salt, 65536, 128);
+        // hashing the password 65K times takes 151ms, hashing 256 times takes 2ms.
+        // Since the salt has 2^^72 values, 256 times is probably good enough.
+        KeySpec spec = new PBEKeySpec(sharedKey.toCharArray(), salt, 256, 128);
         SecretKey tmp = factory.generateSecret(spec);
         SecretKey key = new SecretKeySpec(tmp.getEncoded(), "AES");
         return key;