Java : Timing attack

The method of string comparison is used that does not protect against timing attacks.

Common methods of string comparison terminate the operation after handling the first non-equal pair of characters. Thus, the operating time of the method depends on the length of the matching prefixes. An attacker can use this information to compromise valuable data. When working with the valuable data, such as encryption keys, secure methods of comparison must be used.

In Java for secure string comparison use MessageDigest.isEqual() (the implementation is protected from timing attacks starting with Java 6 Update 17) or implement your own method. Typical idea of secure comparison: compute XOR for each pair of elements of the two arrays and return true if the resulting vector consists of zeros. This comparison takes the same amount of time regardless of the values of the arguments.

In Play Framework, use the constantTimeEquals method.