Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: SpringZKAuth – Spring application with zero knowledge password proof (github.com)
2 points by maxamel 11 months ago | hide | past | web | favorite | 1 comment

You seem to seed the SecureRandom object with the current time. I think this reduces security and it would be better to omit the seed and let SecureRandom seed itself.

It also looks like you do normal String equals to compare secrets, which could be vulnerable to a timing attack.

Are you sure you are qualified to implement crypto?

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact