{"id":335,"date":"2018-05-03T07:56:23","date_gmt":"2018-05-02T19:56:23","guid":{"rendered":"https:\/\/content.ronella.xyz\/apps\/wordpress\/?p=335"},"modified":"2018-05-03T07:56:23","modified_gmt":"2018-05-02T19:56:23","slug":"hashing-a-password-in-java","status":"publish","type":"post","link":"https:\/\/www.ronella.xyz\/?p=335","title":{"rendered":"Hashing a Password in Java"},"content":{"rendered":"<ol>\n<li>Create an instance of\u00a0<strong>SecretKeyFactory<\/strong> using the desired algorithm <em>(see.\u00a0<a href=\"https:\/\/docs.oracle.com\/javase\/8\/docs\/api\/index.html?javax\/crypto\/SecretKeyFactory.html\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.oracle.com\/javase\/8\/docs\/api\/index.html?javax\/crypto\/SecretKeyFactory.html<\/a>)<\/em> like the following:\n<pre>SecretKeyFactory skf = SecretKeyFactory.getInstance(\"PBKDF2WithHmacSHA512\");<\/pre>\n<p><em>Note: The <strong>PBKDF2WithHmacSHA512<\/strong> is the algorithm to construct the secret key using the <strong>Password-Based Key Derivation Function<\/strong>.<\/em><\/li>\n<li>Synthesize the raw materials into the instance of <strong>PBEKeySpec<\/strong> using the following syntax:\n<pre>PBEKeySpec spec = new PBEKeySpec( &lt;PASSWORD&gt;, &lt;SALT&gt;, &lt;ITERATIONS&gt;, &lt;KEY_LENGTH&gt; );<\/pre>\n<table>\n<thead>\n<tr>\n<td><strong>Parameter<\/strong><\/td>\n<td><strong>Description<\/strong><\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>&lt;PASSWORD&gt;<\/td>\n<td>The raw password <em>(i.e. as an array of chars)<\/em><\/td>\n<\/tr>\n<tr>\n<td>&lt;SALT&gt;<\/td>\n<td>A text <em>(i.e. as an array of bytes)<\/em> that will be combined with the password.<\/td>\n<\/tr>\n<tr>\n<td>&lt;ITERATIONS&gt;<\/td>\n<td>The desired number of iterations for which the\u00a0&lt;PASSWORD&gt;, along with the &lt;SALT&gt;, will be encoded. The higher the number, the better it deters some kinds of attack <em>(e.g. rainbow)<\/em>.<\/td>\n<\/tr>\n<tr>\n<td>&lt;KEY_LENGTH&gt;<\/td>\n<td>The length <em>(i.e. 
in bits)<\/em> of the key. Normally you can find this value in the algorithm name <em>(e.g.\u00a0PBKDF2WithHmacSHA<strong>512<\/strong>).<\/em><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<li>Create a\u00a0<strong>SecretKey<\/strong> instance from the spec in step 2 using the following:\n<pre>SecretKey key = skf.generateSecret(spec);<\/pre>\n<\/li>\n<li>Retrieve the encoded hash using the <strong>getEncoded()<\/strong> method of the SecretKey instance like the following:\n<pre>byte[] encodedKey = key.getEncoded();<\/pre>\n<\/li>\n<li>Use the <strong>Base64<\/strong> encoder to convert the encoded key to a string like the following:\n<pre>String base64Str = Base64.getEncoder().encodeToString(encodedKey);<\/pre>\n<\/li>\n<\/ol>\n<p><strong>Example code<\/strong><\/p>\n<pre>package xyz.ronella.crypto;\r\n\r\nimport javax.crypto.SecretKey;\r\nimport javax.crypto.SecretKeyFactory;\r\nimport javax.crypto.spec.PBEKeySpec;\r\nimport java.nio.charset.StandardCharsets;\r\nimport java.security.NoSuchAlgorithmException;\r\nimport java.security.spec.InvalidKeySpecException;\r\nimport java.util.Base64;\r\n\r\npublic class PasswordHashing {\r\n    public static void main(String[] args) {\r\n        try {\r\n            \/\/ Step 1: factory for PBKDF2 with HMAC-SHA512.\r\n            SecretKeyFactory skf = SecretKeyFactory.getInstance(\"PBKDF2WithHmacSHA512\");\r\n\r\n            \/\/ Step 2: password chars, salt bytes, 10000 iterations, 512-bit key.\r\n            \/\/ An explicit charset keeps the salt bytes the same on every platform.\r\n            PBEKeySpec spec = new PBEKeySpec(\"PASSWORD\".toCharArray(), \"SALT\".getBytes(StandardCharsets.UTF_8), 10000, 512);\r\n            \/\/ Step 3: derive the key from the spec.\r\n            SecretKey key = skf.generateSecret(spec);\r\n\r\n            \/\/ Steps 4 and 5: raw hash bytes, then their Base64 text form.\r\n            byte[] encodedKey = key.getEncoded();\r\n            String base64Str = Base64.getEncoder().encodeToString(encodedKey);\r\n\r\n            System.out.println(base64Str);\r\n\r\n        } catch (NoSuchAlgorithmException e) {\r\n            e.printStackTrace();\r\n        } catch (InvalidKeySpecException e) {\r\n            e.printStackTrace();\r\n        }\r\n    }\r\n}<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Create an instance of\u00a0SecretKeyFactory using the desired algorithm 
(see.\u00a0https:\/\/docs.oracle.com\/javase\/8\/docs\/api\/index.html?javax\/crypto\/SecretKeyFactory.html) like the following: SecretKeyFactory skf = SecretKeyFactory.getInstance(&#8220;PBKDF2WithHmacSHA512&#8221;); Note: The PBKDF2WithHmacSHA512 is the algorithm to construct the secret key using the Password-Based Key Derivation Function. Synthesize the raw materials into the instance of PBEKeySpec using the following syntax: PBEKeySpec spec = new PBEKeySpec( &lt;PASSWORD&gt;, &lt;SALT&gt;, &lt;ITERATIONS&gt;, &lt;KEY_LENGTH&gt; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[33,23],"tags":[],"_links":{"self":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/335"}],"collection":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=335"}],"version-history":[{"count":12,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/335\/revisions"}],"predecessor-version":[{"id":347,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/335\/revisions\/347"}],"wp:attachment":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}