You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ie...@apache.org on 2013/10/10 11:08:40 UTC
svn commit: r1530885 -
/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
Author: ieb
Date: Thu Oct 10 09:08:40 2013
New Revision: 1530885
URL: http://svn.apache.org/r1530885
Log:
SLING-3154 Add Topology Message Verification to the Discovery service.
Encryption key generation was too slow at 151ms, now 2ms. Reduced the
number of hashes.
Modified:
sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java?rev=1530885&r1=1530884&r2=1530885&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java Thu Oct 10 09:08:40 2013
@@ -457,7 +457,9 @@ public class TopologyRequestValidator {
*/
private Key getCiperKey(byte[] salt) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
- KeySpec spec = new PBEKeySpec(sharedKey.toCharArray(),salt, 65536, 128);
+ // hashing the password 65K times takes 151ms, hashing 256 times takes 2ms.
+ // Since the salt has 2^^72 values, 256 times is probably good enough.
+ KeySpec spec = new PBEKeySpec(sharedKey.toCharArray(), salt, 256, 128);
SecretKey tmp = factory.generateSecret(spec);
SecretKey key = new SecretKeySpec(tmp.getEncoded(), "AES");
return key;