Hash matching: Replaced call to Arrays.equals() with a time-constant function in order to protect against timing attacks in hypothetical developer-made message authentication schemes. (Note password matching is not affected by this vulnerability)
Authored by: dfernandez 2014-02-20
Parent: [r667]
Child: [r669]