Here you can find the source of compareSecure(byte[] test, byte[] good)
| Parameter | Description |
|---|---|
| test | the first array |
| good | the second array |
public static boolean compareSecure(byte[] test, byte[] good)
//package com.java2s; /*// ww w. j a va2s . co m * Copyright 2004-2008 H2 Group. Multiple-Licensed under the H2 License, Version 1.0, and under the Eclipse Public License, Version 1.0 (http://h2database.com/html/license.html). Initial Developer: H2 Group */ public class Main { /** * Compare two byte arrays. This method will always loop over all bytes and doesn't use conditional operations in the loop to make sure an attacker can not use a timing attack when trying out passwords. * * @param test * the first array * @param good * the second array * @return true if both byte arrays contain the same bytes */ public static boolean compareSecure(byte[] test, byte[] good) { if ((test == null) || (good == null)) { return (test == null) && (good == null); } if (test.length != good.length) { return false; } if (test.length == 0) { return true; } // don't use conditional operations inside the loop int bits = 0; for (int i = 0; i < good.length; i++) { // this will never reset any bits bits |= test[i] ^ good[i]; } return bits == 0; } }