Last active
July 5, 2019 07:57
Password and Salt hashing
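// Recompute the hash of the submitted password with the salt stored for this user.
final byte[] hashedPassword = PasswordUtil.getHashedPassword(password, user.getSalt());
String encodedPassword = Base64.encodeBase64String(hashedPassword);
final String storedPassword = user.getPassword();
// Fail closed: a missing stored value or a missing computed value is always a rejection.
// encodedPassword is expected to be null when getHashedPassword returned null (blank
// password or digest failure); MessageDigest.isEqual treats two nulls as equal, so both
// sides are checked before the comparison.
// MessageDigest.isEqual compares in time that does not depend on where the first
// differing byte is, unlike String.equals, which stops at the first mismatch.
if (storedPassword == null
        || encodedPassword == null
        || !java.security.MessageDigest.isEqual(
                storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                encodedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
    throw new SmartDevicesSalesSecurityException("Incorrect password entered");
}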
package za.co.fnb.cbs.smartdevices.common.utils; | |
import java.io.UnsupportedEncodingException; | |
import java.security.MessageDigest; | |
import java.security.NoSuchAlgorithmException; | |
import org.apache.commons.codec.binary.Base64; | |
import java.security.SecureRandom; | |
import java.util.Random; | |
import java.util.logging.Level; | |
import java.util.logging.Logger; | |
import org.apache.commons.lang.StringUtils; | |
import org.slf4j.LoggerFactory; | |
import za.co.fnb.cbs.smartdevices.common.ApplicationConstants; | |
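/**
 * Salt generation and salted, iterated digest hashing for stored passwords.
 *
 * <p>NOTE(review): the hash is a general-purpose digest
 * ({@link ApplicationConstants#HASHING_ALGORITHM}) applied
 * {@link ApplicationConstants#HASHING_ITERATIONS} times, with the salt mixed into the first
 * round only. A purpose-built password hashing function (PBKDF2, bcrypt, scrypt, Argon2) is
 * the usual choice for password storage; moving to one changes every stored hash, so it
 * needs a migration and is not done here.
 *
 * @author Koman Rudden [f3240479]
 */
public class PasswordUtil {

    protected static final org.slf4j.Logger log = LoggerFactory.getLogger(PasswordUtil.class);

    /** Self-seeded CSPRNG shared by all salt requests; SecureRandom is safe for concurrent use. */
    private static final SecureRandom SALT_SOURCE = new SecureRandom();

    /**
     * Developer entry point: prints a fresh salt and the matching hash for a sample password.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        // NOTE(review): sample literal only. A credential that is actually in use should not
        // be kept in source control.
        PasswordUtil.createPassword("2014@cbs");
    }

    /**
     * Generates a new salt, hashes {@code password} with it and prints both values
     * (Base64-encoded) to standard output, salt first.
     *
     * <p>Nothing is returned or stored; the output is meant to be copied by an operator.
     * Standard output may be captured in logs, so this is not suitable for request handling.
     *
     * @param password the clear-text password to hash
     */
    public static void createPassword(String password) {
        final String salt = createSalt();
        System.out.println(salt);
        final byte[] hashedPassword = getHashedPassword(password, salt);
        System.out.println(Base64.encodeBase64String(hashedPassword));
    }

    /**
     * Creates a random salt of {@link ApplicationConstants#HASHING_SALT_BYTE_LENGTH} bytes.
     *
     * @return the salt bytes, Base64-encoded
     */
    public static String createSalt() {
        // The generator is left to seed itself. Passing a caller-chosen seed of a single byte
        // derived from System.nanoTime() gives at most 256 distinct seeds, and with providers
        // where a supplied seed replaces the built-in seeding (SHA1PRNG behaves this way) the
        // salts become predictable and repeat across users.
        byte[] saltBytes = new byte[ApplicationConstants.HASHING_SALT_BYTE_LENGTH];
        SALT_SOURCE.nextBytes(saltBytes);
        return Base64.encodeBase64String(saltBytes);
    }

    /**
     * Hashes a password: one digest round over salt followed by password, then
     * {@link ApplicationConstants#HASHING_ITERATIONS} further rounds over the previous output.
     *
     * <p>The salt is fed in as the bytes of the given string (the Base64 text as produced by
     * {@link #createSalt()}, not the decoded bytes). A blank salt is skipped, which yields an
     * unsalted hash; callers that require salting must check the salt themselves.
     *
     * @param inputPassword the clear-text password
     * @param salt the salt string, may be blank
     * @return the raw digest bytes, or {@code null} when {@code inputPassword} is blank or the
     *     configured algorithm or encoding is unavailable; callers must treat {@code null} as
     *     a failed hash and never as a value to compare or store
     */
    public static byte[] getHashedPassword(String inputPassword, String salt) {
        if (StringUtils.isBlank(inputPassword)) {
            return null;
        }
        try {
            // A new MessageDigest starts in its initial state, and digest() returns it to that
            // state after each call, so no explicit reset() is needed between rounds.
            MessageDigest digest = MessageDigest.getInstance(ApplicationConstants.HASHING_ALGORITHM);
            if (StringUtils.isNotBlank(salt)) {
                digest.update(salt.getBytes(ApplicationConstants.HASHING_ENCODING));
            }
            // Same explicit encoding as the salt. The platform default charset would make the
            // hash of a non-ASCII password depend on the JVM it was computed on.
            // NOTE(review): hashes of non-ASCII passwords stored by a JVM whose default charset
            // differs from HASHING_ENCODING will no longer match and need to be re-created.
            byte[] passwordBytes =
                    digest.digest(inputPassword.getBytes(ApplicationConstants.HASHING_ENCODING));
            final int iterations = ApplicationConstants.HASHING_ITERATIONS;
            for (int n = 0; n < iterations; n++) {
                passwordBytes = digest.digest(passwordBytes);
            }
            return passwordBytes;
        } catch (NoSuchAlgorithmException | UnsupportedEncodingException ex) {
            // Keep the cause and stack trace; neither exception carries password material.
            log.error("Password hashing failed", ex);
            return null;
        }
    }
}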
package za.co.fnb.cbs.smartdevices.common; | |
/**
 * Parameters shared by the password salting and hashing code.
 *
 * <p>NOTE(review): every stored hash depends on these values; changing any of them means
 * existing hashes no longer verify and have to be regenerated.
 *
 * @author Koman Rudden [f3240479]
 */
public interface ApplicationConstants {

    // Fields declared in an interface are implicitly public, static and final.

    /** Message digest algorithm name. */
    String HASHING_ALGORITHM = "SHA-256";

    /** Character encoding name used when turning text into bytes for hashing. */
    String HASHING_ENCODING = "UTF-8";

    /** Number of additional digest rounds applied after the first one. */
    Integer HASHING_ITERATIONS = 1031;

    /** Number of random bytes in a salt, before Base64 encoding. */
    Integer HASHING_SALT_BYTE_LENGTH = 20;
}
The length of the salt generated ??