[wildfly-dev] On the WildFly Elytron PasswordFactory API

David M. Lloyd david.lloyd at redhat.com
Wed Jun 11 10:30:17 EDT 2014


On 06/04/2014 11:07 AM, David M. Lloyd wrote:
[...]
> Example: Encrypting a new password
> ----------------------------------
>
>     PasswordFactory pf = PasswordFactory.getInstance("sha1crypt");
>     // API not yet established but will be similar to this possibly:
>     ???? parameters = new
> ???SHA1CryptPasswordParameterSpec("p4ssw0rd".toCharArray());
>     Password encrypted = pf.generatePassword(parameters);
>     assert encrypted instanceof SHA1CryptPassword;

I have a concrete specification for this example now:

     PasswordFactory pf = PasswordFactory.getInstance("sha-256-crypt");
     // use a 64-byte random salt; most algorithms support flexible sizes
     byte[] salt = new byte[64];
     ThreadLocalRandom.current().nextBytes(salt);
     // iteration count is 4096, can generally be more (or less)
     AlgorithmParameterSpec aps =
             new HashedPasswordAlgorithmSpec(4096, salt);
     char[] chars = "p4ssw0rd".toCharArray();
     PasswordSpec spec = new EncryptablePasswordSpec(chars, aps);
     Password pw = pf.generatePassword(spec);
     assert pw.getAlgorithm().equals("sha-256-crypt");
     assert pw instanceof UnixSHACryptPassword;
     assert pf.verifyPassword(pw, chars);

-- 
- DML
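
The same generate-then-verify flow (random salt, iteration count, password held as a char[]) as an added, JDK-only example; it is not code from the post or from Elytron. So that it runs without the Elytron classes it swaps sha-256-crypt for the JDK's PBKDF2WithHmacSHA256 and draws the salt from SecureRandom; the class and method names are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltedHashDemo {
    static final int ITERATIONS = 4096; // same count as the post's example
    static final int SALT_BYTES = 64;   // same salt size as the post's example
    static final int HASH_BITS = 256;

    // Derive a PBKDF2-HMAC-SHA256 hash from the password, salt and iteration count.
    static byte[] hash(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    // Recompute with the stored salt and count, then compare in constant time.
    static boolean verify(char[] guess, byte[] salt, int iterations, byte[] stored)
            throws Exception {
        return MessageDigest.isEqual(hash(guess, salt, iterations), stored);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // salt from a CSPRNG

        char[] chars = "p4ssw0rd".toCharArray(); // constructed sample password
        byte[] stored = hash(chars, salt, ITERATIONS);

        System.out.println("correct password verifies: "
                + verify(chars, salt, ITERATIONS, stored));
        System.out.println("wrong password verifies:   "
                + verify("p4ssw0rD".toCharArray(), salt, ITERATIONS, stored));
        Arrays.fill(chars, '\0'); // clear the plaintext once it is no longer needed
    }
}
```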

