This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Hashing Java"
Markgordon (talk | contribs) (Remove theory & motivation of hashing. Instead, direct the reader to OWASP Password Storage Cheat Sheet. Replace example guidance based on Manico & Detlefsen's Iron-Clad Java: Building Secure Web Applications) |
Markgordon (talk | contribs) (Reworked code to avoid possible copyright issue. Switched PBKDF2WithHmacSHA1 to PBKDF2WithHmacSHA512 in case some code reviewer has read about SHA1 issues(!).) |
||
Line 13: | Line 13: | ||
==Introduction== | ==Introduction== | ||
− | This page helps Java developers hash passwords safely. We rely on OWASP's [[Password Storage Cheat Sheet]] to explain | + | This page helps Java developers hash passwords safely. We rely on OWASP's [[Password Storage Cheat Sheet]] to explain hashing best practice and theory. |
==Java Example== | ==Java Example== | ||
Line 20: | Line 20: | ||
try { | try { | ||
− | + | SecretKeyFactory skf = SecretKeyFactory.getInstance( "PBKDF2WithHmacSHA512" ); | |
− | + | PBEKeySpec spec = new PBEKeySpec( password, salt, iterations, keyLength ); | |
+ | SecretKey key = skf.generateSecret( spec ); | ||
+ | byte[] res = key.getEncoded( ); | ||
+ | return res; | ||
} catch( NoSuchAlgorithmException | InvalidKeySpecException e ) { | } catch( NoSuchAlgorithmException | InvalidKeySpecException e ) { | ||
Line 30: | Line 33: | ||
The password and salt arguments are arrays, as is the result of the hashPassword function. | The password and salt arguments are arrays, as is the result of the hashPassword function. | ||
− | Sensitive data should be ''cleared'' after you have used it ( | + | Sensitive data should be ''cleared'' after you have used it (set the array elements to zero). |
− | The example uses a Password Based Key Derivation Function 2 (PBKDF2), as discussed in [[Password Storage Cheat Sheet]]. | + | The example uses a Password Based Key Derivation Function 2 (PBKDF2), as discussed in the [[Password Storage Cheat Sheet]]. |
The ''salt'' argument should be random data and vary for each user. It should be at least 32 bytes long. Remember to save the salt with the hashed password! | The ''salt'' argument should be random data and vary for each user. It should be at least 32 bytes long. Remember to save the salt with the hashed password! | ||
Line 39: | Line 42: | ||
A keyLength of 256 is safe. | A keyLength of 256 is safe. | ||
+ | |||
+ | If the example code generates a NoSuchAlgorithmException, replace PBKDF2WithHmacSHA512 with PBKDF2WithHmacSHA1. Both are adequate to the task but you may be criticized when people see "SHA1" in the specification (SHA1 can be unsafe outside of the context of PBKDF2). | ||
The SecretKeyFactory and PBEKeySpec classes have been part of Java SE since version 1.4. | The SecretKeyFactory and PBEKeySpec classes have been part of Java SE since version 1.4. |
Revision as of 21:17, 16 January 2016
|
|
---|---|
![]() |
Last revision (mm/dd/yy): 01/16/2016
Introduction
This page helps Java developers hash passwords safely. We rely on OWASP's Password Storage Cheat Sheet to explain hashing best practice and theory.
Java Example
public static byte[] hashPassword( final char[] password, final byte[] salt, final int iterations, final int keyLength ) { try { SecretKeyFactory skf = SecretKeyFactory.getInstance( "PBKDF2WithHmacSHA512" ); PBEKeySpec spec = new PBEKeySpec( password, salt, iterations, keyLength ); SecretKey key = skf.generateSecret( spec ); byte[] res = key.getEncoded( ); return res; } catch( NoSuchAlgorithmException | InvalidKeySpecException e ) { throw new RuntimeException( e ); }
Guidance
The password and salt arguments are arrays, as is the result of the hashPassword function. Sensitive data should be cleared after you have used it (set the array elements to zero).
The example uses a Password Based Key Derivation Function 2 (PBKDF2), as discussed in the Password Storage Cheat Sheet.
The salt argument should be random data and vary for each user. It should be at least 32 bytes long. Remember to save the salt with the hashed password!
The interations argument specifies how many times the PBKDF2 executes its underlying algorithm. A higher value is safer. You need to experiment on hardware equivalent to your production systems. As a starting point, find a value that requires one half second to execute. Scaling to huge number of users is beyond the scope of this document. Remember to save the value of iterations with the hashed password!
A keyLength of 256 is safe.
If the example code generates a NoSuchAlgorithmException, replace PBKDF2WithHmacSHA512 with PBKDF2WithHmacSHA1. Both are adequate to the task but you may be criticized when people see "SHA1" in the specification (SHA1 can be unsafe outside of the context of PBKDF2).
The SecretKeyFactory and PBEKeySpec classes have been part of Java SE since version 1.4.
Reference
See Iron-Clad Java: Building Secure Web Applications by Manico and Detlefsen, 2015, Oracle Press.