[jboss-user] [Security & JAAS/JBoss] - Re: Implement digestCallback into login-config.xml
ragavgomatam
do-not-reply at jboss.com
Tue Feb 19 14:50:16 EST 2008
A salt is a random number of a fixed length. This salt must be different for each stored entry. It must be stored as clear text next to the hashed password. A 64-bit salt is recommended in the RSA PKCS5 standard.
The salt can be extracted from the hash, assuming a 6-byte salt:
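// Digest size in bytes; 20 assumes SHA-1, as used in getHash below
private static final int SHA_LENGTH = 20;

private static byte[] extractSalt(String encPass) {
    // Skip the 6-character label that prefixes the encoded value
    String encPassNoLabel = encPass.substring(6);

    // The decoded bytes are the hash followed by the salt
    byte[] hashAndSalt = org.apache.commons.codec.binary.Base64.decodeBase64(encPassNoLabel.getBytes());
    int saltLength = hashAndSalt.length - SHA_LENGTH;
    byte[] salt = new byte[saltLength];
    System.arraycopy(hashAndSalt, SHA_LENGTH, salt, 0, saltLength);

    return salt;
}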
where encPass is the hashed string;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * From a password, a number of iterations and a salt,
 * returns the corresponding digest
 * @param iterationNb int The number of iterations of the algorithm
 * @param password String The password to encrypt
 * @param salt byte[] The salt
 * @return byte[] The digested password
 * @throws NoSuchAlgorithmException If the algorithm doesn't exist
 * @throws UnsupportedEncodingException If UTF-8 is not supported
 */
public byte[] getHash(int iterationNb, String password, byte[] salt)
        throws NoSuchAlgorithmException, UnsupportedEncodingException {
    MessageDigest digest = MessageDigest.getInstance("SHA-1");
    digest.reset();
    // First round: digest of salt followed by the password bytes
    digest.update(salt);
    byte[] input = digest.digest(password.getBytes("UTF-8"));
    // Remaining rounds: re-digest the previous output
    for (int i = 0; i < iterationNb; i++) {
        digest.reset();
        input = digest.digest(input);
    }
    return input;
}
Trust this helps....
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4130521#4130521