Timing leaks and multi-threading

Landon | Aug 24, 2021

What if the server that verified MACs took longer to verify a correct mac than an incorrect one? Or, perhaps put differently, what if you could tell the difference between a more correct guess than an obviously wrong one? If you can, you can break MAC authentication schemes, and that’s what the cryptopals authors are […]

Spring Batch Testing: Asserting file equality after running a single step

Landon | Jan 20, 2021

For some time at SoFi, we’ve worked with Spring Batch to provide a third-party integration with a service without a robust API, but that loves to work in terms of batch files. There are a number of ways to deal with that, and we’ve taken a few different approaches. One of them is to implement […]

Properties files vs. the JNDI

Landon | Sep 26, 2017

I don’t know if this is a debate at all, but it has been in my workplace. When managing configuration for Java EE / Spring Framework applications in a Wildfly server environment, what is better: managing an application’s configurable values at the server and environment level through the JNDI, or managing them through the use […]