In this example, we will learn how to hash a password together with a salt using the SHA-256 algorithm.
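The SHA-256 algorithm generates an almost-unique, fixed-size 256-bit (32-byte) hash. This is a one-way function: hashing is not encryption, so there is no key that turns the result back into the original value. The salt makes identical passwords hash to different values and defeats precomputed tables, but SHA-256 itself is designed to be fast, so anyone who obtains the stored hashes can still test guesses very quickly. For storing real passwords, prefer a deliberately slow password-hashing function such as PBKDF2, bcrypt, scrypt or Argon2.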
Java sha256 Hash With Salt Example
package com.avaya.smgr.tm.util;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Objects;
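/**
 * Demonstrates salted SHA-256 hashing of a password.
 *
 * <p>A single SHA-256 pass is cheap to compute, so it gives little resistance to
 * offline guessing once the stored hashes leak. The salt only prevents identical
 * passwords from sharing a hash and makes precomputed tables useless. For real
 * credential storage use a slow, tunable function instead, for example the JDK's
 * {@code SecretKeyFactory} with {@code PBKDF2WithHmacSHA256}, or bcrypt, scrypt
 * or Argon2 from a vetted library.
 */
public class SecureUtils {

    /** Lower-case hexadecimal digits used to render the digest. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /** Salt length in bytes (128 bits). */
    private static final int SALT_LENGTH = 16;

    /**
     * Hashes {@code salt} followed by the UTF-8 bytes of {@code password} with SHA-256.
     *
     * <p>The password is encoded explicitly as UTF-8 so the same password yields the
     * same hash regardless of the JVM's default charset; with the platform default,
     * a hash written on one machine may fail to verify on another.
     *
     * @param password the clear-text password; must not be {@code null}
     * @param salt the per-password salt that is stored next to the hash; must not be
     *     {@code null}
     * @return the 64-character lower-case hexadecimal SHA-256 digest
     * @throws NullPointerException if {@code password} or {@code salt} is {@code null}
     * @throws IllegalStateException if the runtime offers no SHA-256 implementation
     */
    public static String getSecurePassword(String password, byte[] salt) {
        Objects.requireNonNull(password, "password");
        Objects.requireNonNull(salt, "salt");
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(salt);
            byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
            return toHex(digest);
        } catch (NoSuchAlgorithmException e) {
            // Fail loudly instead of returning null: a null "hash" could otherwise be
            // stored or compared by a caller that never checks for it.
            throw new IllegalStateException("SHA-256 MessageDigest is not available", e);
        }
    }

    /** Renders {@code bytes} as lower-case hexadecimal, two characters per byte. */
    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(HEX_DIGITS[(b >> 4) & 0x0f]).append(HEX_DIGITS[b & 0x0f]);
        }
        return sb.toString();
    }

    /**
     * Generates a fresh random salt from {@link SecureRandom}.
     *
     * <p>Generate one salt per password and store it with the hash; the salt does not
     * need to be kept secret, but it must never be shared between accounts.
     *
     * @return {@value #SALT_LENGTH} random bytes
     */
    private static byte[] getSalt() {
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[SALT_LENGTH];
        random.nextBytes(salt);
        return salt;
    }

    /**
     * Hashes the same password twice with the same salt and shows that the results match.
     *
     * @param args unused
     * @throws NoSuchAlgorithmException kept for source compatibility with existing callers
     */
    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Verification only works when the salt saved at registration time is reused;
        // a new salt would produce a different hash for the same password.
        byte[] salt = getSalt();
        String password1 = getSecurePassword("Password", salt);
        String password2 = getSecurePassword("Password", salt);
        System.out.println(" Password 1 -> " + password1);
        System.out.println(" Password 2 -> " + password2);
        // MessageDigest.isEqual compares without stopping at the first differing byte,
        // which avoids leaking how much of a stored hash matched through timing.
        boolean matches = MessageDigest.isEqual(
                password1.getBytes(StandardCharsets.UTF_8),
                password2.getBytes(StandardCharsets.UTF_8));
        if (matches) {
            System.out.println("passwords are equal");
        }
    }
}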
Output:
Password 1 -> ef7e71a5f010e4b2dc5ced58c672722e3d7d477b3e30621ac80477ce418459cd
Password 2 -> ef7e71a5f010e4b2dc5ced58c672722e3d7d477b3e30621ac80477ce418459cd
passwords are equal