Menu
What's the best way to produce a SALT value in Java as a String that's at least 32 bytes long?
931
To generate salt bytes in Java, we just need to make sure that we use a secure random number generator. Construct an instance of SecureRandom, create (say) a 20-byte array, and call nextBytes() on that array: Random r = new SecureRandom(); byte[] salt = new byte[20]; r. nextBytes(salt);
According to OWASP Guidelines, a salt is a value generated by a cryptographically secure function that is added to the input of hash functions to create unique hashes for every input, regardless of the input not being unique.
A salt is a random character string that is added to the beginning or the end of a password. This salt is unique to each user, and is stored in the database along with the username and salted-hashed password. An example username-password database using the SHA256 hashing function with a salt.
The Salted SHA512 Password Storage Scheme provides a mechanism for encoding user passwords using a salted form of the 512-bit SHA-2 message digest algorithm.
final Random r = new SecureRandom(); byte[] salt = new byte[32]; r.nextBytes(salt); /** String encodedSalt = Base64.encodeBase64String(salt); */ In SpringSecurity you can use org.springframework.security.crypto.keygen.KeyGenerators
http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/crypto/keygen/KeyGenerators.html
http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#spring-security-crypto-keygenerators
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
