From d26a9c3c5819be48b76586c2fa60da9a7a9829dd Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 26 Aug 2014 19:02:40 +0200 Subject: Add some security utilities This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this --- lib/public/security/stringutils.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 lib/public/security/stringutils.php (limited to 'lib/public/security/stringutils.php')
diff --git a/lib/public/security/stringutils.php b/lib/public/security/stringutils.php
new file mode 100644
index 00000000000..8e7b132724e
--- /dev/null
+++ b/lib/public/security/stringutils.php
@@ -0,0 +1,25 @@
+
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+
+namespace OCP\Security;
+
+class StringUtils {
+ /**
+ * Compares whether two strings are equal. To prevent guessing of the string
+ * length this is done by comparing two hashes against each other and afterwards
+ * a comparison of the real string to prevent against the unlikely chance of
+ * collisions.
+ * @param string $expected The expected value
+ * @param string $input The input to compare against
+ * @return bool True if the two strings are equal, otherwise false.
+ */
+ public static function equals($expected, $input) {
+ return \OC\Security\StringUtils::equals($expected, $input);
+ }
+}
-- cgit v1.2.3
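Review bot: The docblock on the new public `equals()` describes how the internal implementation works (hash both values, then compare the real strings) instead of the contract a caller relies on, and `\OC\Security\StringUtils::equals` is not part of this hunk, so that description cannot be checked here. For a public security API I would document the guarantee and the argument roles, assuming the implementation provides them, for example `* Compares two strings in time that does not depend on where they differ. Pass the trusted value as $expected and the untrusted value as $input.` The wrapper forwards both arguments unchecked, so the docblock should also say what happens when one of them is not a string, such as null from a missing request parameter. If the answer is "undefined", an `is_string()` guard that returns false would be a safer default for a comparison helper.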