You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Each additional correct character in the prefix of a guess will make the response take an increment longer. It's best to treat some prefix of the key as a selector that can be indexed, but the remainder should be treated as a password. As a stop-gap, it will help if you select based off of a prefix and then use a constant-time string comparison function to check the suffix.
The text was updated successfully, but these errors were encountered:
Right here: https://github.com/alefcarlos/keycloak-api-key/blob/0.1.13/api-key-module/src/main/java/com/gwidgets/resources/ApiKeyResource.java#L33
Each additional correct character in the prefix of a guess will make the response take an increment longer. It's best to treat some prefix of the key as a selector that can be indexed, but the remainder should be treated as a password. As a stop-gap, it will help if you select based off of a prefix and then use a constant-time string comparison function to check the suffix.
The text was updated successfully, but these errors were encountered: