From 8bfdad38b9a87b1c5dd9089205ad3fa4de2a2425 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel
Date: Wed, 14 Jan 2015 19:34:36 +0100
Subject: [PATCH] - fixed timing attack on MAC (see http://codahale.com/a-lesson-in-timing-attacks/)
---
 .../java/org/cryptomator/crypto/aes256/Aes256Cryptor.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/Aes256Cryptor.java b/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/Aes256Cryptor.java
index 52cf540e6..a672fa23b 100644
--- a/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/Aes256Cryptor.java
+++ b/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/Aes256Cryptor.java
@@ -17,6 +17,7 @@ import java.nio.file.DirectoryStream.Filter;
 import java.nio.file.Path;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
@@ -426,8 +427,8 @@ public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicCo
 final InputStream macIn = new MacInputStream(in, mac);
 IOUtils.copyLarge(macIn, new NullOutputStream(), 0, fileSize);
- // compare:
- return Arrays.equals(macBuffer.array(), mac.doFinal());
+ // compare (in constant time):
+ return MessageDigest.isEqual(macBuffer.array(), mac.doFinal());
 }
 @Override
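Review bot: `macBuffer.array()` hands `MessageDigest.isEqual` the buffer's entire backing array, so the check on the new `return` line is sound only if the stored MAC was read completely into a buffer of exactly MAC length. That read sits above this hunk, so it cannot be confirmed here. If the earlier read can come up short, the method should reject the file before comparing rather than compare a partly unfilled array. Separately, `MessageDigest.isEqual` is itself only constant-time on runtimes from Java 6u17 onward, which is worth recording next to the check, e.g. `// constant-time compare; relies on a JRE where MessageDigest.isEqual does not exit early (6u17+)`.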