Java encryption with sha256 and salt


I need a little help from you. I have an exercise: to write a login program and to store the password with SHA-256 and a salt. I made a part, but here is the hard part. I've read that if you use SHA-256, you can't reverse the operation to determine the password. If that's true, then what do I need to use to encrypt the password, and after I encrypt the password, how can I log in if the password is encrypted? PS: I've searched on Google.


There are 3 answers

0
Alexander Kaschta On BEST ANSWER

Let's assume your password is 12345678. You are going to hash this password and save it to your program. In your login program you take the input from the user, hash it with the same algorithm and then compare the two hashed strings. If they are equal, the strings are equal; if not, they aren't equal. The person cannot figure out what the correct password is and you have hashed your password.

0
Igor O. On

You should read about how hash functions work. Hash functions only produce a value that depends on your input. Since the formula to calculate that value is always the same for a particular hash function (e.g. SHA-256), you can always produce it if you know the input (the password in your case). So, unlike ciphers, a value calculated by the hash function is not supposed to be decrypted.

what I need to use to encrypt the password

You don't have to encrypt the password, since, as you said, you cannot reverse the operation by just knowing the hash value that's stored in your database. You can only gain access if you know the password in plain text form.

1
Kiryamwibo Yenusu On

Try the sample code below; it works well on my side.

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;
import java.util.Base64.Encoder;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class Cryptography {

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeySpecException {
        Encoder encoder = Base64.getUrlEncoder().withoutPadding();
        // The input string and the salt are fixed sample values,
        // so the printed hash is the same on every run.
        String integritystring = "810710202108241079100KAY435788318046";
        String strSalt = "3a9IbkKNr2RjwFwGnPudHbLfA4zugj6TVcoBtlWpJl0m";
        byte[] bSalt = Base64.getMimeDecoder().decode(strSalt);
        System.out.println("Salt: " + strSalt);
        System.out.println("integritystring: " + integritystring);
        String strHash = encoder.encodeToString(Hash(integritystring, bSalt));
        System.out.println("Hash: " + strHash);
    }

    // Generates a random 6-byte salt. Not called by main(), which uses the fixed salt above.
    private static byte[] Salt() {
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[6];
        random.nextBytes(salt);
        return salt;
    }

    // Derives a 128-bit value from the password and salt with
    // PBKDF2 over HMAC-SHA1, using 65536 iterations.
    private static byte[] Hash(String password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128);
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        return factory.generateSecret(spec).getEncoded();
    }

}