Use constant-time equality for checking passwords

backend/src/main/scala/com/softwaremill/bootzooka/common/Utils.scala

@@ -82,4 +82,19 @@ object Utils {
     sb.toString()
   }
 
+  // Do not change this unless you understand the security issues behind timing attacks.
+  // This method intentionally runs in constant time if the two strings have the same length.
+  // If it didn't, it would be vulnerable to a timing attack.
+  def constantTimeEquals(a: String, b: String): Boolean = {
+    if (a.length != b.length) {
+      false
+    }
+    else {
+      var equal = 0
+      for (i <- Array.range(0, a.length)) {
+        equal |= a(i) ^ b(i)
+      }
+      equal == 0
+    }
+  }
 }

backend/src/main/scala/com/softwaremill/bootzooka/user/domain/User.scala

@@ -37,7 +37,9 @@ object User {
   }
 
   def passwordsMatch(plainPassword: String, user: User): Boolean = {
-    user.password.equals(encryptPassword(plainPassword, user.salt))
+    Utils.constantTimeEquals(
+      user.password,
+      encryptPassword(plainPassword, user.salt))
   }
 }