Hacker News new | comments | show | ask | jobs | submit login
Show HN: SpringZKAuth – Spring application with zero knowledge password proof (github.com)
2 points by maxamel 6 months ago | hide | past | web | favorite | 1 comment

You seem to seed the SecureRandom object with the current time. I think this reduces security and it would be better to omit the seed and let SecureRandom seed itself.

It also looks like you do normal String equals to compare secrets, which could be vulnerable to a timing attack.

Are you sure you are qualified to implement crypto?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact