// generatedSaltSize is expressed in *bits*, while nextBytes() takes a byte count.
// Integer division drops any remainder, so a size that is not a multiple of 8
// yields fewer bits than requested.
final int saltByteCount = generatedSaltSize / 8;
return new SecureRandomNumberGenerator().nextBytes(saltByteCount);
/**
 * Returns random bytes using the default size configured on this generator.
 *
 * @return the result of {@code nextBytes(int)} called with the value of
 *         {@code getDefaultNextBytesSize()}
 */
public ByteSource nextBytes() {
    final int defaultSize = getDefaultNextBytesSize();
    return nextBytes(defaultSize);
}
// Draw a random salt of the generator's default size.
ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
// Salted SHA-512 digest of the password, Base64-encoded. No iteration count is
// passed, so the hash class's default applies, and the encoded value is not
// assigned to anything in this statement as written.
// NOTE(review): for stored passwords, pass an explicit iteration count and keep
// the salt with the account record so the login check can recompute the hash.
new Sha512Hash(password, salt).toBase64();
/**
 * Creates a {@code DefaultHashService} configured with these defaults:
 * <ul>
 * <li>{@link #setHashAlgorithmName(String) hashAlgorithmName} = {@code SHA-512}</li>
 * <li>{@link #setHashIterations(int) hashIterations} = {@code 1}</li>
 * <li>{@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} =
 * new {@link SecureRandomNumberGenerator}()</li>
 * <li>{@link #setGeneratePublicSalt(boolean) generatePublicSalt} = {@code false}</li>
 * </ul>
 * <p/>
 * With these defaults a hash is a single SHA-512 pass and no public salt is generated.
 * When the service hashes passwords, set the {@link #setPrivateSalt(ByteSource) privateSalt}
 * and raise {@link #setHashIterations(int) hashIterations} significantly before use.
 * See the class-level JavaDoc for more information.
 */
public DefaultHashService() {
    // The four fields are independent of each other; each is set to its documented default.
    this.rng = new SecureRandomNumberGenerator();
    this.generatePublicSalt = false;
    this.iterations = 1;
    this.algorithmName = "SHA-512";
}
/**
 * Exercises the Shiro 1.1 behaviour in which the matcher takes the salt from the stored
 * account information rather than from the submitted token.
 * See <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a>
 */
@Test
public void testSaltedAuthenticationInfo() {
    // The matcher under test is configured for SHA-1; the algorithm only has to match
    // the one used to build the stored credentials below.
    HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);

    // Stored side: an account whose password was hashed with SHA-1 and a random salt.
    // The same salt object is handed to the account so the matcher can read it back.
    ByteSource accountSalt = new SecureRandomNumberGenerator().nextBytes();
    Object storedCredentials = new Sha1Hash("password", accountSalt);
    SimpleAuthenticationInfo storedAccount =
            new SimpleAuthenticationInfo("username", storedCredentials, accountSalt, "realmName");

    // Submitted side: the plaintext username/password token a login attempt would produce.
    AuthenticationToken loginAttempt = new UsernamePasswordToken("username", "password");

    // Hashing the submitted password with the account's salt must reproduce the stored hash.
    assertTrue(credentialsMatcher.doCredentialsMatch(loginAttempt, storedAccount));
}
/**
 * Returns the random number generator, creating a {@code SecureRandomNumberGenerator}
 * on first use when none has been assigned.
 *
 * @return the generator held in {@code randomNumberGenerator}; never {@code null}
 */
private RandomNumberGenerator getRandomNumberGenerator() {
    if (randomNumberGenerator != null) {
        return randomNumberGenerator;
    }
    // Lazy initialisation. Nothing in this method synchronises the check and the
    // assignment, so two threads arriving together may each create an instance.
    randomNumberGenerator = new SecureRandomNumberGenerator();
    return randomNumberGenerator;
}
/**
 * Returns random bytes using the default size configured on this generator.
 *
 * @return the result of {@code nextBytes(int)} called with the value of
 *         {@code getDefaultNextBytesSize()}
 */
public ByteSource nextBytes() {
    final int defaultSize = getDefaultNextBytesSize();
    return nextBytes(defaultSize);
}
/**
 * Generates a random salt value.
 *
 * @param length number of random bytes; each byte is written as two hexadecimal digits
 * @return the random bytes encoded as a hex string
 */
public static String getRandomSalt(int length) {
    // A generator is created for every call; the bytes come from it and are hex-encoded.
    SecureRandomNumberGenerator saltSource = new SecureRandomNumberGenerator();
    String hexSalt = saltSource.nextBytes(length).toHex();
    return hexSalt;
}
/**
 * Creates a {@code DefaultHashService} configured with these defaults:
 * <ul>
 * <li>{@link #setHashAlgorithmName(String) hashAlgorithmName} = {@code SHA-512}</li>
 * <li>{@link #setHashIterations(int) hashIterations} = {@code 1}</li>
 * <li>{@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} =
 * new {@link SecureRandomNumberGenerator}()</li>
 * <li>{@link #setGeneratePublicSalt(boolean) generatePublicSalt} = {@code false}</li>
 * </ul>
 * <p/>
 * With these defaults a hash is a single SHA-512 pass and no public salt is generated.
 * When the service hashes passwords, set the {@link #setPrivateSalt(ByteSource) privateSalt}
 * and raise {@link #setHashIterations(int) hashIterations} significantly before use.
 * See the class-level JavaDoc for more information.
 */
public DefaultHashService() {
    // The four fields are independent of each other; each is set to its documented default.
    this.rng = new SecureRandomNumberGenerator();
    this.generatePublicSalt = false;
    this.iterations = 1;
    this.algorithmName = "SHA-512";
}
/**
 * Returns random bytes using the default size configured on this generator.
 *
 * @return the result of {@code nextBytes(int)} called with the value of
 *         {@code getDefaultNextBytesSize()}
 */
public ByteSource nextBytes() {
    final int defaultSize = getDefaultNextBytesSize();
    return nextBytes(defaultSize);
}
/**
 * Generates a random salt value.
 *
 * @param length number of random bytes; each byte is written as two hexadecimal digits
 * @return the random bytes encoded as a hex string
 */
public static String getRandomSalt(int length) {
    // A generator is created for every call; the bytes come from it and are hex-encoded.
    SecureRandomNumberGenerator saltSource = new SecureRandomNumberGenerator();
    String hexSalt = saltSource.nextBytes(length).toHex();
    return hexSalt;
}
// Random salt of the generator's default size, drawn from a secure RNG.
RandomNumberGenerator rng = new SecureRandomNumberGenerator();
Object salt = rng.nextBytes();

// Now hash the plain-text password with the random salt and multiple
// iterations and then Base64-encode the value (requires less space than Hex).
// The salt has to be stored with the account so the login check can recompute this hash.
// NOTE(review): 1024 is the iteration count this example uses; treat it as a tunable
// work factor and size it against current password-storage guidance.
String hashedPasswordBase64 = new Sha256Hash(password, salt, 1024).toBase64();
/**
 * Generates a random salt value.
 *
 * @param length number of random bytes; each byte is written as two hexadecimal digits
 * @return the random bytes encoded as a hex string
 */
public static String getRandomSalt(int length) {
    // A generator is created for every call; the bytes come from it and are hex-encoded.
    SecureRandomNumberGenerator saltSource = new SecureRandomNumberGenerator();
    String hexSalt = saltSource.nextBytes(length).toHex();
    return hexSalt;
}
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.crypto.RandomNumberGenerator;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
...
// We'll use a Random Number Generator to generate salts. This
// is much more secure than using a username as a salt or not
// having a salt at all. Shiro makes this easy.
//
// Note that a normal app would reference an attribute rather
// than create a new RNG every time:
RandomNumberGenerator rng = new SecureRandomNumberGenerator();
Object salt = rng.nextBytes();

// Now hash the plain-text password with the random salt and multiple
// iterations and then Base64-encode the value (requires less space than Hex).
// NOTE(review): 1024 is the iteration count this example uses; treat it as a tunable
// work factor and size it against current password-storage guidance. The matcher that
// verifies logins must be configured with the same algorithm, iteration count and encoding.
String hashedPasswordBase64 = new Sha256Hash(plainTextPassword, salt, 1024).toBase64();

User user = new User(username, hashedPasswordBase64);
// Save the salt with the new account. The HashedCredentialsMatcher
// will need it later when handling login attempts:
user.setPasswordSalt(salt);
userDAO.create(user);
/**
 * Generates a random salt.
 *
 * @return 3 random bytes encoded as a 6-character hex string
 */
public static String randomSalt() {
    // Each byte is written as two hex characters, so 3 bytes give a string of length 6.
    // NOTE(review): 3 bytes is 24 bits, about 16.7 million distinct salts, so values
    // repeat across accounts in a large user table. Widening it (16 bytes is common)
    // changes the returned length; check the column that stores the salt first.
    return new SecureRandomNumberGenerator().nextBytes(3).toHex();
}
}
/**
 * Produces a random salt for password hashing.
 *
 * @return the salt bytes, Base64-encoded
 */
public static String generateSalt() {
    // nextBytes() without an argument uses the generator's default size;
    // the resulting bytes are returned in Base64 form.
    return new SecureRandomNumberGenerator().nextBytes().toBase64();
}
/**
 * Generates a random salt that is 32 characters long.
 *
 * @return 16 random bytes encoded as a hex string
 */
public static String generateSalt() {
    // 16 bytes at two hex characters per byte gives the 32-character result.
    return new SecureRandomNumberGenerator().nextBytes(16).toHex();
}
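/**
 * Returns a uniformly distributed random value in {@code [0, max)}.
 *
 * <p>The previous form applied {@code %} to a signed byte, so it could return a negative
 * value, and it favoured low results whenever 256 is not a multiple of {@code max}.
 * This version reads the byte as unsigned and discards draws that would cause that bias.
 * NOTE(review): assumes callers want a non-negative value below {@code max}; confirm
 * against the call sites.
 *
 * @param max exclusive upper bound; must be positive. For bounds above 128 the result,
 *            read as a signed {@code byte}, can still be negative because of the cast.
 * @return a random value below {@code max}, narrowed to {@code byte}
 * @throws IllegalArgumentException if {@code max} is not positive
 */
private byte randomByte(int max) {
    if (max <= 0) {
        throw new IllegalArgumentException("max must be positive: " + max);
    }
    RandomNumberGenerator generator = new SecureRandomNumberGenerator();
    // Largest multiple of max that fits in the 256 possible byte values. Draws at or
    // above it are rejected so every residue is equally likely. For max >= 256 every
    // draw is accepted and the raw byte is returned.
    int limit = max >= 256 ? 256 : 256 - (256 % max);
    int value;
    do {
        // Mask to read the byte as unsigned (0..255) before reducing it.
        value = generator.nextBytes(1).getBytes()[0] & 0xFF;
    } while (value >= limit);
    return (byte) (value % max);
}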
/**
 * Demo entry point: hashes the literal "234" with one random salt through two APIs,
 * {@code Md5Hash} and {@code SimpleHash} with the "md5" algorithm name, and prints
 * both hex digests.
 *
 * @param args unused
 */
public static void main(String[] args) {
    final int rounds = 2;

    // One salt of the generator's default size, shared by both hashes below.
    ByteSource salt = new SecureRandomNumberGenerator().nextBytes();

    // NOTE(review): MD5 with two iterations is what this demo prints; it is not a
    // suitable configuration for stored passwords.
    Md5Hash viaMd5Hash = new Md5Hash("234", ByteSource.Util.bytes(salt), rounds);
    // The count was already passed to the constructor; the call is kept as in the original.
    viaMd5Hash.setIterations(rounds);
    System.out.println("md5hash to hex: " + viaMd5Hash.toHex());

    // Same source, salt and iteration count through the generic SimpleHash API.
    SimpleHash viaSimpleHash = new SimpleHash("md5", "234", ByteSource.Util.bytes(salt), rounds);
    System.out.println("simple hash to hex: " + viaSimpleHash.toHex());
}
/**
 * Returns {@code length} random bytes from a newly created {@code SecureRandomNumberGenerator}.
 *
 * @param length number of bytes to generate
 * @return the generated bytes
 */
private byte[] randomBytes(int length) {
    // A generator is created for every call.
    return new SecureRandomNumberGenerator().nextBytes(length).getBytes();
}