This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Hashing Java"
Markgordon (talk | contribs) (Remove theory & motivation of hashing. Instead, direct the reader to OWASP Password Storage Cheat Sheet. Replace example guidance based on Manico & Detlefsen's Iron-Clad Java: Building Secure Web Applications) |
m (page category) |
||
| (3 intermediate revisions by one other user not shown) | |||
| Line 8: | Line 8: | ||
|} | |} | ||
| − | + | ||
<br/> | <br/> | ||
==Introduction== | ==Introduction== | ||
| − | This page helps Java developers hash passwords safely. We rely on OWASP's [[Password Storage Cheat Sheet]] to explain | + | This page helps Java developers hash passwords safely. We rely on OWASP's [[Password Storage Cheat Sheet]] to explain hashing best practice and theory. |
==Java Example== | ==Java Example== | ||
| Line 19: | Line 19: | ||
public static byte[] hashPassword( final char[] password, final byte[] salt, final int iterations, final int keyLength ) { | public static byte[] hashPassword( final char[] password, final byte[] salt, final int iterations, final int keyLength ) { | ||
| − | + | try { | |
| − | + | SecretKeyFactory skf = SecretKeyFactory.getInstance( "PBKDF2WithHmacSHA512" ); | |
| − | new PBEKeySpec( password, salt, iterations, keyLength )).getEncoded( ); | + | PBEKeySpec spec = new PBEKeySpec( password, salt, iterations, keyLength ); |
| + | SecretKey key = skf.generateSecret( spec ); | ||
| + | byte[] res = key.getEncoded( ); | ||
| + | return res; | ||
| − | + | } catch( NoSuchAlgorithmException | InvalidKeySpecException e ) { | |
| − | + | throw new RuntimeException( e ); | |
| + | } | ||
} | } | ||
| Line 30: | Line 34: | ||
The password and salt arguments are arrays, as is the result of the hashPassword function. | The password and salt arguments are arrays, as is the result of the hashPassword function. | ||
| − | Sensitive data should be ''cleared'' after you have used it ( | + | Sensitive data should be ''cleared'' after you have used it (set the array elements to zero). |
| − | The example uses a Password Based Key Derivation Function 2 (PBKDF2), as discussed in [[Password Storage Cheat Sheet]]. | + | The example uses a Password Based Key Derivation Function 2 (PBKDF2), as discussed in the [[Password Storage Cheat Sheet]]. |
The ''salt'' argument should be random data and vary for each user. It should be at least 32 bytes long. Remember to save the salt with the hashed password! | The ''salt'' argument should be random data and vary for each user. It should be at least 32 bytes long. Remember to save the salt with the hashed password! | ||
| − | The '' | + | The ''iterations'' argument specifies how many times the PBKDF2 executes its underlying algorithm. A higher value is safer. You need to experiment on hardware equivalent to your production systems. As a starting point, find a value that requires one half second to execute. Scaling to huge number of users is beyond the scope of this document. Remember to save the value of iterations with the hashed password! |
A keyLength of 256 is safe. | A keyLength of 256 is safe. | ||
| + | |||
| + | If the example code generates a NoSuchAlgorithmException, replace PBKDF2WithHmacSHA512 with PBKDF2WithHmacSHA1. Both are adequate to the task but you may be criticized when people see "SHA1" in the specification (SHA1 can be unsafe outside of the context of PBKDF2). | ||
The SecretKeyFactory and PBEKeySpec classes have been part of Java SE since version 1.4. | The SecretKeyFactory and PBEKeySpec classes have been part of Java SE since version 1.4. | ||
| Line 46: | Line 52: | ||
See ''Iron-Clad Java: Building Secure Web Applications'' by Manico and Detlefsen, 2015, Oracle Press. | See ''Iron-Clad Java: Building Secure Web Applications'' by Manico and Detlefsen, 2015, Oracle Press. | ||
| − | [[Category: | + | [[Category:Java]] |
Latest revision as of 14:31, 2 February 2016
| |
|
|---|---|
|
Introduction
This page helps Java developers hash passwords safely. We rely on OWASP's Password Storage Cheat Sheet to explain hashing best practice and theory.
Java Example
public static byte[] hashPassword( final char[] password, final byte[] salt, final int iterations, final int keyLength ) {
try {
SecretKeyFactory skf = SecretKeyFactory.getInstance( "PBKDF2WithHmacSHA512" );
PBEKeySpec spec = new PBEKeySpec( password, salt, iterations, keyLength );
SecretKey key = skf.generateSecret( spec );
byte[] res = key.getEncoded( );
return res;
} catch( NoSuchAlgorithmException | InvalidKeySpecException e ) {
throw new RuntimeException( e );
}
}
Guidance
The password and salt arguments are arrays, as is the result of the hashPassword function. Sensitive data should be cleared after you have used it (set the array elements to zero).
The example uses a Password Based Key Derivation Function 2 (PBKDF2), as discussed in the Password Storage Cheat Sheet.
The salt argument should be random data and vary for each user. It should be at least 32 bytes long. Remember to save the salt with the hashed password!
The iterations argument specifies how many times the PBKDF2 executes its underlying algorithm. A higher value is safer. You need to experiment on hardware equivalent to your production systems. As a starting point, find a value that requires one half second to execute. Scaling to huge number of users is beyond the scope of this document. Remember to save the value of iterations with the hashed password!
A keyLength of 256 is safe.
If the example code generates a NoSuchAlgorithmException, replace PBKDF2WithHmacSHA512 with PBKDF2WithHmacSHA1. Both are adequate to the task but you may be criticized when people see "SHA1" in the specification (SHA1 can be unsafe outside of the context of PBKDF2).
The SecretKeyFactory and PBEKeySpec classes have been part of Java SE since version 1.4.
Reference
See Iron-Clad Java: Building Secure Web Applications by Manico and Detlefsen, 2015, Oracle Press.
