Java 8 でのパスワードハッシュのデモプログラム。

Java8PasswordHashDemo.java

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;

/**
 * パスワードハッシュのデモ。
 */
public class Java8PasswordHashDemo {
    static final int NUM_SALT_BYTES = 32;
    static final int NUM_ITERATIONS = 20_000;
    static final int NUM_KEY_BYTES = 512;

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "password123";

        byte[] salt = newSalt(NUM_SALT_BYTES);
        byte[] hashedPassword = hash(password, salt, NUM_ITERATIONS, NUM_KEY_BYTES);

        System.out.println("salt : " + Base64.getEncoder().encodeToString(salt));
        System.out.println("salt : " + Base64.getEncoder().encodeToString(hashedPassword));
    }

    static byte[] newSalt(int length) {
        try {
            byte[] result = new byte[length];

            SecureRandom.getInstance(
                    // "NativePRNGNonBlocking"
                    // "NativePRNGBlocking"
                    "SHA1PRNG"
            ).nextBytes(result);

            return result;

        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    static byte[] hash(String password, byte[] salt, int numIterations, int numHashLength) {
        PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, numIterations, numHashLength);

        SecretKeyFactory factory;
        try {
            factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");

        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }

        try {
            return factory.generateSecret(keySpec)
                    .getEncoded();

        } catch (InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }
}