SHA2 password hashing in java

2020-02-03 04:51发布

站内问答 / Java
1750 4 4

I'm trying to hash some passwords with SHA2.

Where can I get a snippet of java code for make that?

I have seen that post but I have something missing: SHA2 password storage with Java

 Mac mac = Mac.getInstance("HmacSha256");
 SecretKeySpec secret = new SecretKeySpec(key.getBytes(), "HmacSha256");
 mac.init(secret);
 byte[] shaDigest = mac.doFinal(phrase.getBytes());
 String hash = "";
 for(byte b:shaDigest) {
     hash += String.format("%02x",b);
 }

The phrase is the String I want encode right? And what is the key (line 2)

Thanks in advance

4条回答
狗以群分
2楼-- · 2020-02-03 05:04

you may consider using commons-codec's implementation

String hash = org.apache.commons.codec.digest.DigestUtils.sha256Hex(password +"salt");
查看更多
0人赞 添加讨论(0) 举报
劳资没心,怎么记你
3楼-- · 2020-02-03 05:07

Phrase would be the password that you're trying to protect. key is the salt, a unique (and known) string appended to your password before hashing, to defeat rainbow tables. Or it should be, at least. Your code is just taking it from the password itself, which is kind of pointless. It should be a long random string that is stored together with the password digest.

查看更多
0人赞 添加讨论(0) 举报
Anthone
4楼-- · 2020-02-03 05:08

I modified a little rossum's code, added salt and convert returning type to String, add try/catch, maybe it will help to someone:

    public String hash(String password) {
    try {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        String salt = "some_random_salt";
        String passWithSalt = password + salt;
        byte[] passBytes = passWithSalt.getBytes();
        byte[] passHash = sha256.digest(passBytes);             
        StringBuilder sb = new StringBuilder();
        for(int i=0; i< passHash.length ;i++) {
            sb.append(Integer.toString((passHash[i] & 0xff) + 0x100, 16).substring(1));         
        }
        String generatedPassword = sb.toString();
        return generatedPassword;
    } catch (NoSuchAlgorithmException e) { e.printStackTrace(); }       
    return null;
}
查看更多
0人赞 添加讨论(0) 举报
欢心
5楼-- · 2020-02-03 05:10

First, you need to be clear what it is you want to do. You say you want to hash a password, but the code you are using is for a MAC (Message Authentication Code), specifically, HMAC.

Hashes and MACs are different things for different purposes (though HMAC does involve using a hash). You need to be sure you are using the right one for your requirement.

The reason you are being asked to supply a key is because MACs need a key. Hashes do not:

public byte[] hash(String password) throws NoSuchAlgorithmException {
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");        
    byte[] passBytes = password.getBytes();
    byte[] passHash = sha256.digest(passBytes);
    return passHash;
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)