Java Reference
In-Depth Information
Cryptographic Hash Functions
Thevalueproducedbyahashfunctionisthe
hash value
or
message digest
.Hashfunctions
are computationally feasible functions whose inverses are computationally infeasible. In
practice,apasswordcanbeencodedtoahashvalue,butdecodingremainsinfeasible.The
equality of the passwords can be tested through the equality of their hash values.
A good practice is to always append a
salt
to the password being hashed. A salt is a
unique (often sequential) or randomly generated piece of data that is stored along with
the hash value. The use of a salt helps prevent brute-force attacks against the hash value,
providedthatthesaltislongenoughtogeneratesufficiententropy(shortersaltvaluescan-
not significantly slow down a brute-force attack). Each password should have its own salt
associated with it. If a single salt were used for more than one password, two users would
be able to see whether their passwords are the same.
The choice of hash function and salt length presents a trade-off between security and
performance. Increasing the effort required for effective brute-force attacks by choosing a
stronger hash function can also increase the time required to validate a password. Increas-
ing the length of the salt makes brute-force attacks more difficult but requires additional
storage space.
Java's
MessageDigest
class provides implementations of various cryptographic hash
functions. Avoid defective functions such as the Message-Digest Algorithm (MD5). Hash
functions such as Secure Hash Algorithm (SHA)-1 and SHA-2 are maintained by the Na-
tional Security Agency, and are currently considered safe. In practice, many applications
useSHA-256becausethishashfunctionhasreasonableperformancewhilestillbeingcon-
sidered secure.
Noncompliant Code Example
This noncompliant code example encrypts and decrypts the password stored in
pass-
word.bin
using a symmetric key algorithm.
public final class Password {
private void setPassword(byte[] pass) throws Exception {
// Arbitrary encryption scheme
bytes[] encrypted = encrypt(pass);
clearArray(pass);
// Encrypted password to password.bin
saveBytes(encrypted,"password.bin");
clearArray(encrypted);
}
