On 06/04/2014 11:07 AM, David M. Lloyd wrote:
> [...]
> Example: Encrypting a new password
> ----------------------------------
>
>     PasswordFactory pf = PasswordFactory.getInstance("sha1crypt");
>     // API not yet established but will be similar to this possibly:
>     ???? parameters = new
>         ???SHA1CryptPasswordParameterSpec("p4ssw0rd".toCharArray());
>     Password encrypted = pf.generatePassword(parameters);
>     assert encrypted instanceof SHA1CryptPassword;

I have a concrete specification for this example now:

    PasswordFactory pf = PasswordFactory.getInstance("sha-256-crypt");
    // use a 64-byte random salt; most algorithms support flexible sizes
    byte[] salt = new byte[64];
    ThreadLocalRandom.current().nextBytes(salt);
    // iteration count is 4096, can generally be more (or less)
    AlgorithmParameterSpec aps =
        new HashedPasswordAlgorithmSpec(4096, salt);
    char[] chars = "p4ssw0rd".toCharArray();
    PasswordSpec spec = new EncryptablePasswordSpec(chars, aps);
    Password pw = pf.generatePassword(spec);
    assert pw.getAlgorithm().equals("sha-256-crypt");
    assert pw instanceof UnixSHACryptPassword;
    assert pf.verifyPassword(pw, chars);

--
- DML