Merge branch 'changePasswordForm'

[gigi.git] / src / org / cacert / gigi / util / PasswordHash.java

diff --git a/src/org/cacert/gigi/util/PasswordHash.java b/src/org/cacert/gigi/util/PasswordHash.java
index 1baf13700729b2fb9330dcced7f2dbf32db4e31d..71f7547979c9ae06c5a83ca2530fd0d9ca4763be 100644 (file)
--- a/src/org/cacert/gigi/util/PasswordHash.java
+++ b/src/org/cacert/gigi/util/PasswordHash.java
@@ -6,7 +6,14 @@ import java.security.NoSuchAlgorithmException;
 public class PasswordHash {
        public static boolean verifyHash(String password, String hash) {
                String newhash = sha1(password);
-               return newhash.equals(hash);
+               boolean match = true;
+               if (newhash.length() != hash.length()) {
+                       match = false;
+               }
+               for (int i = 0; i < newhash.length(); i++) {
+                       match &= newhash.charAt(i) == hash.charAt(i);
+               }
+               return match;
        }
 
        private static String sha1(String password) {
@@ -23,4 +30,8 @@ public class PasswordHash {
                        throw new Error(e);
                }
        }
+
+       public static String hash(String password) {
+               return sha1(password);
+       }
 }