[jboss-user] [Security & JAAS/JBoss] - Re: Implement digestCallback into login-config.xml

ragavgomatam do-not-reply at jboss.com
Tue Feb 19 14:50:16 EST 2008


A salt is a random number of a fixed length. This salt must be different for each stored entry. It must be stored as clear text next to the hashed password. A 64-bit salt is recommended in the RSA PKCS #5 standard.

The salt can be extracted from the hash, assuming a 6-byte salt:

private static final int SHA_LENGTH = 20; // SHA-1 digest length in bytes; the stored bytes are hash followed by salt

private static byte[] extractSalt(String encPass) {
    // drop the 6-character label (e.g. "{SSHA}") that precedes the Base64 text
    String encPassNoLabel = encPass.substring(6);

    byte[] hashAndSalt = org.apache.commons.codec.binary.Base64.decodeBase64(encPassNoLabel.getBytes());
    // everything after the 20-byte digest is the salt
    int saltLength = hashAndSalt.length - SHA_LENGTH;
    byte[] salt = new byte[saltLength];
    System.arraycopy(hashAndSalt, SHA_LENGTH, salt, 0, saltLength);

    return salt;
}

where encPass is the hashed string.

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * From a password, a number of iterations and a salt,
 * returns the corresponding digest
 * @param iterationNb int The number of iterations of the algorithm
 * @param password String The password to encrypt
 * @param salt byte[] The salt
 * @return byte[] The digested password
 * @throws NoSuchAlgorithmException If the algorithm doesn't exist
 */
public byte[] getHash(int iterationNb, String password, byte[] salt) throws NoSuchAlgorithmException {
    MessageDigest digest = MessageDigest.getInstance("SHA-1");
    digest.reset();
    digest.update(salt);
    // StandardCharsets.UTF_8 avoids the checked UnsupportedEncodingException that getBytes("UTF-8") would throw
    byte[] input = digest.digest(password.getBytes(StandardCharsets.UTF_8));
    for (int i = 0; i < iterationNb; i++) {
        digest.reset();
        input = digest.digest(input);
    }
    return input;
}



Trust this helps....


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4130521#4130521

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4130521
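A complete round-trip built from the pieces in the post, added here as an example and not code from the original post or from JBoss: it generates the 64-bit salt with SecureRandom, stores each entry as label + Base64(hash || salt), which is the byte layout the extractSalt() above expects, and verifies a login by recovering the salt and recomputing the iterated digest. The "{SSHA}" label, the iteration count of 1000 and the use of java.util.Base64 in place of commons-codec are assumptions of this example; the digest comparison uses MessageDigest.isEqual so that a mismatch does not leak through timing.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SaltedDigestExample {
    private static final String LABEL = "{SSHA}";   // assumed 6-character label, matching substring(6) in the post
    private static final int SHA_LENGTH = 20;        // SHA-1 digest size in bytes
    private static final int SALT_LENGTH = 8;        // 64-bit salt, as the post recommends
    private static final int ITERATIONS = 1000;      // assumed iteration count; both sides must agree on it
    private static final SecureRandom RNG = new SecureRandom();

    /** Salted, iterated SHA-1, same construction as getHash() in the post. */
    static byte[] getHash(int iterationNb, String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-1");
        digest.reset();
        digest.update(salt);
        byte[] input = digest.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 0; i < iterationNb; i++) {
            digest.reset();
            input = digest.digest(input);
        }
        return input;
    }

    /** Builds the stored form: LABEL + Base64(hash || salt). A fresh salt is drawn for every call. */
    static String encode(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_LENGTH];
        RNG.nextBytes(salt);
        byte[] hash = getHash(ITERATIONS, password, salt);
        byte[] hashAndSalt = new byte[hash.length + salt.length];
        System.arraycopy(hash, 0, hashAndSalt, 0, hash.length);
        System.arraycopy(salt, 0, hashAndSalt, hash.length, salt.length);
        return LABEL + Base64.getEncoder().encodeToString(hashAndSalt);
    }

    /** Recovers the salt from a stored entry, rejecting malformed input instead of computing a negative length. */
    static byte[] extractSalt(String encPass) {
        if (!encPass.startsWith(LABEL)) {
            throw new IllegalArgumentException("unexpected label");
        }
        byte[] hashAndSalt = Base64.getDecoder().decode(encPass.substring(LABEL.length()));
        if (hashAndSalt.length <= SHA_LENGTH) {
            throw new IllegalArgumentException("stored value too short to contain a salt");
        }
        return Arrays.copyOfRange(hashAndSalt, SHA_LENGTH, hashAndSalt.length);
    }

    /** Verifies a candidate password against a stored entry; any malformed entry simply fails. */
    static boolean verify(String password, String encPass) throws NoSuchAlgorithmException {
        byte[] salt;
        byte[] stored;
        try {
            salt = extractSalt(encPass);
            stored = Arrays.copyOfRange(
                Base64.getDecoder().decode(encPass.substring(LABEL.length())), 0, SHA_LENGTH);
        } catch (IllegalArgumentException e) {
            return false;
        }
        byte[] actual = getHash(ITERATIONS, password, salt);
        // constant-time comparison of the two digests
        return MessageDigest.isEqual(stored, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String stored = encode("correct horse");           // constructed sample password
        System.out.println("stored entry: " + stored);
        System.out.println("correct password accepted: " + verify("correct horse", stored));
        System.out.println("wrong password accepted:   " + verify("wrong horse", stored));
        // the same password encoded twice yields different entries because the salt differs
        System.out.println("two encodings identical:   " + stored.equals(encode("correct horse")));
        System.out.println("garbage entry accepted:    " + verify("correct horse", "{SSHA}AAAA"));
    }
}
```

Running main prints a fresh stored entry, accepts the correct password, rejects the wrong one, shows that re-encoding the same password gives a different string (the point of a per-entry salt), and fails cleanly on an entry too short to hold a salt, which the post's extractSalt() would turn into a negative array size. The iterated SHA-1 construction is kept here because it is what the post and the JBoss digest callback of the time describe; for a new deployment a purpose-built password function such as PBKDF2, bcrypt, scrypt or Argon2 is the better choice.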
