Class Token

java.lang.Object
com.oracle.truffle.tools.chromeinspector.instrument.Token

public final class Token extends Object
Token encapsulates some sensitive data that can be compared in a secure way. That is, the equals(Object) method does not leak any information through timing. While one could be careful with String or byte[] and perform all the comparisons in a secure way, just one careless call of Object.equals(Object) could expose the secret data to an attacker. For this reason, we encapsulate it into a class to prevent such accidental exposure. The Token class does not allow the data to be extracted in the original form. It has a limited set of operations that allow you to learn something about the data:
  • Comparison - designed not to leak any data through its execution time.
  • hashCode() - this might expose part of the hash. Note that some collection implementations like HashMap might use it and leak this value through a timing attack.
  • toString() might contain the whole hash of the sensitive data.
At worst, just a hash of the sensitive data can leak by careless operation. If this happens:
  • All secrets with entropy outside of attacker's capability for offline attacks are safe.
  • Secrets with low entropy (e.g., short secrets or secrets made in a predictable way) might be cracked by an offline attack.
Please note that this class does not use a slow hashing function (like bcrypt) of the kind recommended for secrets of potentially low entropy (e.g., passwords). You should not store low-entropy secrets there unless you are extremely careful about calling methods such as hashCode() and toString(). The following operations are explicitly not planned to ever be supported:
  • serialization - Allowing serialization would prevent us from changing the hash function or String encoding in future.
  • comparing values like Comparable.compareTo(Object) - This could hardly be implemented in a meaningful way without compromising security.
Method Details

    • createHashedTokenFromString

      public static Token createHashedTokenFromString(String secret)
    • equals

      public boolean equals(Object o)
      If the other object is not a Token, it immediately returns false. If the other object is a Token, it compares the values encapsulated by the tokens in a way that prevents timing attacks. That is, even if an attacker is able to measure the time of this operation, it gives them no valuable information about the secret contents.
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • toString

      public String toString()
      The String representation of Token might contain a hash. Currently, it does contain the hash. However, this might change in future. This means that you cannot rely on either variant: you should be careful when printing the value out, but you cannot rely on it to provide any information.
      Overrides:
      toString in class Object
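The pattern the class description and the equals(Object) entry describe, as an added illustration that is not the chromeinspector Token implementation: only a SHA-256 hash of the secret is kept, equality goes through MessageDigest.isEqual (which does not stop at the first differing byte), hashCode() exposes only 32 bits of the hash, and toString() prints the hash rather than the secret. The class name HashedSecret and the sample secret are constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public final class HashedSecret {
    // Only the SHA-256 of the secret is kept; the original bytes are never stored.
    private final byte[] hash;

    private HashedSecret(byte[] hash) { this.hash = hash; }
    public static HashedSecret fromString(String secret) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return new HashedSecret(md.digest(secret.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required in every Java platform", e);
        }
    }

    @Override
    public boolean equals(Object o) {
        if (!(o instanceof HashedSecret)) {
            return false; // the type check reveals nothing about the secret
        }
        // MessageDigest.isEqual takes the same time regardless of where the hashes differ,
        // unlike Arrays.equals or String.equals, which stop at the first mismatching byte.
        return MessageDigest.isEqual(hash, ((HashedSecret) o).hash);
    }

    @Override
    public int hashCode() {
        // Exposes only the first 32 bits of the hash, as a hash-based collection needs.
        return ((hash[0] & 0xff) << 24) | ((hash[1] & 0xff) << 16) | ((hash[2] & 0xff) << 8) | (hash[3] & 0xff);
    }

    @Override
    public String toString() {
        // Prints the hash, not the secret; a low-entropy secret could still be brute-forced from it.
        StringBuilder sb = new StringBuilder("HashedSecret[sha256=");
        for (byte b : hash) sb.append(String.format("%02x", b));
        return sb.append(']').toString();
    }
    public static void main(String[] args) {
        HashedSecret configured = HashedSecret.fromString("constructed-example-secret");
        HashedSecret presented = HashedSecret.fromString("constructed-example-secret");
        if (!configured.equals(presented)) throw new AssertionError("same secret must compare equal");
        // Passing the raw String instead of a HashedSecret is rejected rather than silently compared.
        if (configured.equals("constructed-example-secret")) throw new AssertionError("type check failed");
    }
}
```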