
PasswordHelper - Salted Password Hashing

_Csandeep Jun 10th, 2015 488 Never
  1. package miscellaneous;
  2.  
  3. import javax.crypto.SecretKeyFactory;
  4. import javax.crypto.spec.PBEKeySpec;
  5. import java.math.BigInteger;
  6. import java.security.NoSuchAlgorithmException;
  7. import java.security.SecureRandom;
  8. import java.security.spec.InvalidKeySpecException;
  9. import java.util.HashMap;
  10. import java.util.Map;
  11.  
  12. /**
  13.  * A utility class to hash passwords and check passwords vs hashed values.
  14.  *
  15.  * @author Sandeep Chatterjee
  16.  * @version 1.0
  17.  * @see \\https://crackstation.net/hashing-security.htm
  18.  */
  19.  
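  class PasswordHelper {

      private static final SecureRandom secureRandom = new SecureRandom();

      // NOTE(review): PBKDF2-HMAC-SHA1 at 1000 iterations is far below current
      // password-storage guidance (hundreds of thousands of iterations for PBKDF2).
      // The values are left unchanged here because the returned map does not carry
      // the algorithm or iteration count, so raising them would silently break
      // verification of hashes that were already stored. Store the parameters next
      // to the salt and hash, then raise the work factor.
      private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
      private static final int SALT_BYTE_SIZE = 24;
      private static final int HASH_BYTE_SIZE = 24;
      private static final int PBKDF2_ITERATIONS = 1000;

      private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

      /**
       * Static utility class; not instantiable.
       */
      private PasswordHelper() {
      }

      /**
       * Derives a salted PBKDF2 hash for the given password.
       *
       * <ol>
       *   <li>Generate a random salt of {@code SALT_BYTE_SIZE} bytes with {@link SecureRandom}.</li>
       *   <li>Derive {@code HASH_BYTE_SIZE} bytes from the password and salt with
       *       {@code PBKDF2_ALGORITHM} and {@code PBKDF2_ITERATIONS} iterations.</li>
       *   <li>Hex-encode the hash and the salt.</li>
       * </ol>
       *
       * <p>Each call returns a new map holding exactly one entry. Results of earlier
       * calls are not retained, so one caller never receives another password's
       * salt and hash. Nothing is written to standard output: salts and hashes are
       * credential material and do not belong in console or log output.
       *
       * @param password the password to hash; must not be {@code null}
       * @return a new, mutable map with a single entry whose key is the hex-encoded
       *         hash and whose value is the hex-encoded salt; both must be stored to
       *         verify the password later
       * @throws NullPointerException  if {@code password} is {@code null}
       * @throws IllegalStateException if the key derivation fails; no map is returned
       *                               in that case, so a failed derivation cannot be
       *                               stored as a {@code null} hash
       * @see <a href="https://crackstation.net/hashing-security.htm#javasourcecode">crackstation.net</a>
       */
      public static Map<String, String> createSaltedHash(String password) {
          if (password == null) {
              throw new NullPointerException("password");
          }

          byte[] salt = new byte[SALT_BYTE_SIZE];
          secureRandom.nextBytes(salt); // Fills the salt array with random bytes.

          char[] passwordChars = password.toCharArray();
          PBEKeySpec pbeKeySpec = new PBEKeySpec(passwordChars, salt,
                  PBKDF2_ITERATIONS, HASH_BYTE_SIZE * 8);
          byte[] hash;
          try {
              SecretKeyFactory skf = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
              hash = skf.generateSecret(pbeKeySpec).getEncoded();
          } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
              // Fail closed: the caller must never get a map with a null hash.
              throw new IllegalStateException(
                      "Unable to derive password hash with " + PBKDF2_ALGORITHM, e);
          } finally {
              // Wipe both copies of the password characters (PBEKeySpec keeps its own).
              pbeKeySpec.clearPassword();
              java.util.Arrays.fill(passwordChars, '\0');
          }

          Map<String, String> result = new HashMap<>();
          result.put(convertByteToHex(hash), convertByteToHex(salt)); // VALUES TO BE STORED IN DATABASE.
          return result;
      }

      /**
       * Converts a byte array into a lowercase hexadecimal string.
       *
       * @param array the byte array to convert; must not be {@code null}
       * @return a string of exactly {@code array.length * 2} characters (empty for an
       *         empty array), with leading zero bytes preserved
       */
      public static String convertByteToHex(byte[] array) {
          StringBuilder hex = new StringBuilder(array.length * 2);
          for (byte b : array) {
              hex.append(HEX_DIGITS[(b >> 4) & 0x0f]);
              hex.append(HEX_DIGITS[b & 0x0f]);
          }
          return hex.toString();
      }
  }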
  84.  
  85.  
  /**
   * Demo driver: hashes a sample password with {@code PasswordHelper} and prints
   * every salt/hash pair found in the returned map.
   */
  public class PasswordHelperTest {
      public static void main(String[] args) {
          Map<String, String> hashToSalt = PasswordHelper.createSaltedHash("sandeep");

          // The map is keyed by the hex hash; the matching hex salt is the value.
          for (String hash : hashToSalt.keySet()) {
              String salt = hashToSalt.get(hash);

              System.out.println("SALT: " + salt); // VALUE TO BE STORED IN DATABASE.
              System.out.println("HASH: " + hash); // VALUE TO BE STORED IN DATABASE.
          }
      }
  }