
Show HN: SpringZKAuth – Spring application with zero knowledge password proof - maxamel
https://github.com/maxamel/SpringZKAuth
======
Sjoerd
You seem to seed the SecureRandom object with the current time. I think this
reduces security and it would be better to omit the seed and let SecureRandom
seed itself.

It also looks like you do normal String equals to compare secrets, which could
be vulnerable to a timing attack.

Are you sure you are qualified to implement crypto?

