A salt is a random number of a fixed length. This salt must be different for each stored
entry. It must be stored as clear text next to the hashed password. A 64-bit salt is
recommended in the RSA PKCS5 standard.
The salt can be extracted from the hash, assuming a 6-byte salt:
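    // Digest length in bytes; assumed here to be 20 (SHA-1).
    private static final int SHA_LENGTH = 20;

    private static byte[] extractSalt(String encPass) {
        // Drop the 6-character label that prefixes the encoded value.
        String encPassNoLabel = encPass.substring(6);

        // The decoded bytes are the digest followed by the salt.
        byte[] hashAndSalt =
            org.apache.commons.codec.binary.Base64.decodeBase64(encPassNoLabel.getBytes());
        int saltLength = hashAndSalt.length - SHA_LENGTH;
        byte[] salt = new byte[saltLength];
        System.arraycopy(hashAndSalt, SHA_LENGTH, salt, 0, saltLength);

        return salt;
    }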
where encPass is the hashed string;
    /**
     * From a password, a number of iterations and a salt,
     * returns the corresponding digest
     * @param iterationNb int The number of iterations of the algorithm
     * @param password String The password to encrypt
     * @param salt byte[] The salt
     * @return byte[] The digested password
     * @throws NoSuchAlgorithmException If the algorithm doesn't exist
     * @throws UnsupportedEncodingException If UTF-8 is not supported
     */
    public byte[] getHash(int iterationNb, String password, byte[] salt)
            throws NoSuchAlgorithmException, UnsupportedEncodingException {
        MessageDigest digest = MessageDigest.getInstance("SHA-1");
        digest.reset();
        // First round: SHA-1 over the salt followed by the password bytes.
        digest.update(salt);
        byte[] input = digest.digest(password.getBytes("UTF-8"));
        // Remaining rounds: re-hash the previous digest iterationNb times.
        for (int i = 0; i < iterationNb; i++) {
            digest.reset();
            input = digest.digest(input);
        }
        return input;
    }
Trust this helps....
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4130521#...
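Added example, not part of the original post: a round trip through the layout the post describes (label, then Base64 of digest followed by salt), creating an entry with a fresh 64-bit salt and verifying a candidate password with a constant-time comparison. The "{SSHA}" label, the iteration count, the class name and the store/verify method names are assumptions, and java.util.Base64 stands in for commons-codec so the file compiles on its own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SaltedHashDemo {
    static final int SHA_LENGTH = 20;      // SHA-1 digest size in bytes
    static final int SALT_LENGTH = 8;      // 64-bit salt
    static final int ITERATIONS = 1000;    // assumed value, not from the post
    static final String LABEL = "{SSHA}";  // assumed 6-character label

    // Same construction as getHash in the post: SHA-1(salt || password), then re-hashed.
    static byte[] getHash(int iterationNb, String password, byte[] salt)
            throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-1");
        digest.update(salt);
        byte[] input = digest.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 0; i < iterationNb; i++) {
            input = digest.digest(input);  // digest() resets the instance after each call
        }
        return input;
    }

    // Build the stored entry: label + Base64(hash || salt), with a fresh random salt.
    static String store(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_LENGTH];
        new SecureRandom().nextBytes(salt);
        byte[] hash = getHash(ITERATIONS, password, salt);
        byte[] hashAndSalt = Arrays.copyOf(hash, SHA_LENGTH + SALT_LENGTH);
        System.arraycopy(salt, 0, hashAndSalt, SHA_LENGTH, SALT_LENGTH);
        return LABEL + Base64.getEncoder().encodeToString(hashAndSalt);
    }

    // Split the entry back into hash and salt, recompute, compare in constant time.
    static boolean verify(String candidate, String encPass) throws NoSuchAlgorithmException {
        byte[] hashAndSalt = Base64.getDecoder().decode(encPass.substring(LABEL.length()));
        if (hashAndSalt.length <= SHA_LENGTH) return false;  // malformed entry: no salt
        byte[] stored = Arrays.copyOfRange(hashAndSalt, 0, SHA_LENGTH);
        byte[] salt = Arrays.copyOfRange(hashAndSalt, SHA_LENGTH, hashAndSalt.length);
        return MessageDigest.isEqual(stored, getHash(ITERATIONS, candidate, salt));
    }

    public static void main(String[] args) throws Exception {
        String a = store("correct horse"), b = store("correct horse");  // constructed input
        System.out.println("entries equal: " + a.equals(b));
        System.out.println("right password: " + verify("correct horse", a));
        System.out.println("wrong password: " + verify("wrong guess", a));
    }
}
```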