How can I hash a password in Java

Question

I need to hash passwords for storage in a database  How can I do this in Java   I was hoping to take the plain text password  add a random salt  then store the salt and the hashed password in the database   Then when a user wanted to log in  I could take their submitted password  add the random salt from their account information  hash it and see if it equates to the stored hash password with their account information

User · Answer

In addition to bcrypt and PBKDF2 mentioned in other answers, I would recommend looking at scrypt

MD5 and SHA-1 are not recommended as they are relatively fast thus using "rent per hour" distributed computing (e.g. EC2) or a modern high end GPU one can "crack" passwords using brute force / dictionary attacks in relatively low costs and reasonable time.

If you must use them, then at least iterate the algorithm a predefined significant amount of times (1000+).

See here for more: https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords
And here: http://codahale.com/how-to-safely-store-a-password/ (criticizes SHA family, MD5 etc for password hashing purposes)
And here: http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html (criticizes bcrypt and recommends scrypt and PBKDF2)

User · Answer

You can comput hashes using MessageDigest  but this is wrong in terms of security  Hashes are not to be used for storing passwords  as they are easily breakable    You should use another algorithm like bcrypt  PBKDF2 and scrypt to store you passwords  See here

User · Answer

BCrypt is a very good library  and there is a Java port of it

User · Answer

As of 2020  the most reliable password hashing algorithm in use  most likely to optimise its strength given any hardware  is Argon2id or Argon2i but not its Spring implementation  The PBKDF2 standard includes the the CPU-greedy computationally-expensive feature of the block cipher BCRYPT algo  and add its  stream cipher capability  PBKDF2 was overwhelmed by the memory exponentially-greedy SCRYPT then by the side-channel-attack-resistant Argon2 Argon2 provides the necessary calibration tool to find optimized strength parameters given a target hashing time and the hardware used   Argon2i is specialized in memory greedy hashing Argon2d is specialized in CPU greedy hashing Argon2id use both methods   Memory greedy hashing would help against GPU use for cracking  Spring security Bouncy Castle implementation is not optimized and relatively week given what attacker could use  cf  Spring doc Argon2 and Scrypt  The currently implementation uses Bouncy castle which does not exploit parallelism optimizations that password crackers will  so there is an unnecessary asymmetry between attacker and defender   The most credible implementation in use for java is mkammerer s one  a wrapper jar library of the official native implementation written in C  It is well written and simple to use  The embedded version provides native builds for Linux  windows and OSX  As an example  it is used by jpmorganchase in its tessera security project used to secure Quorum  its Ethereum cryptocurency implementation  Here is an example      final char   password    quot a4e9y2tr0ngAnd7on6P      M  RD quot  toCharArray        byte   salt   new byte 128       new SecureRandom   nextBytes salt       final Argon2Advanced argon2   Argon2Factory createAdvanced Argon2Factory Argon2Types ARGON2id       byte   hash   argon2 rawHash 10  1048576  4  password  salt     see tessera  Declare the lib in your POM   lt dependency gt       lt groupId gt de mkammerer lt  groupId gt       lt artifactId gt argon2-jvm lt  artifactId gt       lt version gt 2 7 lt  version gt   lt  dependency gt   or with gradle  compile  de mkammerer argon2-jvm 2 7   Calibration may be performed using  de mkammerer argon2 Argon2Helper findIterations SCRYPT and Pbkdf2 algorithm might also be calibrated by writing some simple benchmark  but current minimal safe iterations values  will require higher hashing times

User · Answer

Fully agree with Erickson that PBKDF2 is the answer   If you don t have that option  or only need to use a hash  Apache Commons DigestUtils is much easier than getting JCE code right  https   commons apache org proper commons-codec apidocs org apache commons codec digest DigestUtils html  If you use a hash  go with sha256 or sha512  This page has good recommendations on password handling and hashing  note it doesn t recommend hashing for password handling   http   www daemonology net blog 2009-06-11-cryptographic-right-answers html

User · Answer

You could use Spring Security Crypto  has only 2 optional compile dependencies   which supports PBKDF2  BCrypt  SCrypt and Argon2 password encryption   Argon2PasswordEncoder argon2PasswordEncoder   new Argon2PasswordEncoder    String aCryptedPassword   argon2PasswordEncoder encode  password    boolean passwordIsValid   argon2PasswordEncoder matches  password   aCryptedPassword     SCryptPasswordEncoder sCryptPasswordEncoder   new SCryptPasswordEncoder    String sCryptedPassword   sCryptPasswordEncoder encode  password    boolean passwordIsValid   sCryptPasswordEncoder matches  password   sCryptedPassword     BCryptPasswordEncoder bCryptPasswordEncoder   new BCryptPasswordEncoder    String bCryptedPassword   bCryptPasswordEncoder encode  password    boolean passwordIsValid   bCryptPasswordEncoder matches  password   bCryptedPassword     Pbkdf2PasswordEncoder pbkdf2PasswordEncoder   new Pbkdf2PasswordEncoder    String pbkdf2CryptedPassword   pbkdf2PasswordEncoder encode  password    boolean passwordIsValid   pbkdf2PasswordEncoder matches  password   pbkdf2CryptedPassword

User · Answer

You can actually use a facility built in to the Java runtime to do this  The SunJCE in Java 6 supports PBKDF2  which is a good algorithm to use for password hashing   byte   salt   new byte 16   random nextBytes salt   KeySpec spec   new PBEKeySpec  password  toCharArray    salt  65536  128   SecretKeyFactory f   SecretKeyFactory getInstance  PBKDF2WithHmacSHA1    byte   hash   f generateSecret spec  getEncoded    Base64 Encoder enc   Base64 getEncoder    System out printf  salt   s n   enc encodeToString salt    System out printf  hash   s n   enc encodeToString hash      Here s a utility class that you can use for PBKDF2 password authentication   import java security NoSuchAlgorithmException  import java security SecureRandom  import java security spec InvalidKeySpecException  import java security spec KeySpec  import java util Arrays  import java util Base64  import java util regex Matcher  import java util regex Pattern   import javax crypto SecretKeyFactory  import javax crypto spec PBEKeySpec          Hash passwords for storage  and test passwords against password tokens         Instances of this class can be used concurrently by multiple threads           author erickson     see  lt a href  http   stackoverflow com a 2861125 3474  gt StackOverflow lt  a gt      public final class PasswordAuthentication               Each token produced by this class uses this identifier as a prefix          public static final String ID     31                The minimum recommended cost  used by default         public static final int DEFAULT COST   16     private static final String ALGORITHM    PBKDF2WithHmacSHA1      private static final int SIZE   128     private static final Pattern layout   Pattern compile     31      d  d        43         private final SecureRandom random     private final int cost     public PasswordAuthentication           this DEFAULT COST                   Create a password manager with a specified cost             param cost the exponential computational cost of hashing a password  0 to 30         public PasswordAuthentication int cost          iterations cost      Validate cost        this cost   cost      this random   new SecureRandom           private static int iterations int cost          if   cost  lt  0      cost  gt  30         throw new IllegalArgumentException  cost      cost       return 1  lt  lt  cost                  Hash a password for storage              return a secure authentication token to be stored for later authentication          public String hash char   password          byte   salt   new byte SIZE   8       random nextBytes salt       byte   dk   pbkdf2 password  salt  1  lt  lt  cost       byte   hash   new byte salt length   dk length       System arraycopy salt  0  hash  0  salt length       System arraycopy dk  0  hash  salt length  dk length       Base64 Encoder enc   Base64 getUrlEncoder   withoutPadding        return ID   cost         enc encodeToString hash                   Authenticate with a password and a stored password token              return true if the password and token match         public boolean authenticate char   password  String token          Matcher m   layout matcher token       if   m matches          throw new IllegalArgumentException  Invalid token format        int iterations   iterations Integer parseInt m group 1         byte   hash   Base64 getUrlDecoder   decode m group 2        byte   salt   Arrays copyOfRange hash  0  SIZE   8       byte   check   pbkdf2 password  salt  iterations       int zero   0      for  int idx   0  idx  lt  check length    idx        zero    hash salt length   idx    check idx       return zero    0         private static byte   pbkdf2 char   password  byte   salt  int iterations          KeySpec spec   new PBEKeySpec password  salt  iterations  SIZE       try         SecretKeyFactory f   SecretKeyFactory getInstance ALGORITHM         return f generateSecret spec  getEncoded              catch  NoSuchAlgorithmException ex          throw new IllegalStateException  Missing algorithm      ALGORITHM  ex             catch  InvalidKeySpecException ex          throw new IllegalStateException  Invalid SecretKeyFactory   ex                         Hash a password in an immutable   code String                lt p gt Passwords should be stored in a   code char    so that it can be filled       with zeros after use instead of lingering on the heap and elsewhere              deprecated Use   link  hash char     instead          Deprecated   public String hash String password          return hash password toCharArray                     Authenticate with a password in an immutable   code String  and a stored       password token               deprecated Use   link  authenticate char   String   instead        see  hash String           Deprecated   public boolean authenticate String password  String token          return authenticate password toCharArray    token

User · Answer

You can use the Shiro library s  formerly JSecurity  implementation of what is described by OWASP    It also looks like the JASYPT library has a similar utility

User · Answer

Among all the standard hash schemes  LDAP ssha is the most secure one to use   http   www openldap org faq data cache 347 html  I would just follow the algorithms specified there and use MessageDigest to do the hash   You need to store the salt in your database as you suggested

User · Answer

Here you have two links for MD5 hashing and other hash methods  Javadoc API  https   docs oracle com javase 1 5 0 docs api java security MessageDigest html Tutorial  http   www twmacinta com myjava fast md5 php

User · Answer

i leaned that from a video on udemy and edited to be stronger random password     private String pass             String passswet  1234567890zxcvbbnmasdfghjklop iuytrtewq      amp               char icon1          char   t new char 20             int rand1  int  Math random   6  38   to make a random within the range of special characters              icon1 passswet charAt rand1    will produce char with a special character          int i 0          while  i  lt 11                  int rand  int  Math random   passswet length                    notice  int  as the original value of Math gt random   is double               t i   passswet charAt rand                 i                    t 10  icon1    to replace the specified item with icon1                    return new String t

User · Answer

While the NIST recommendation PBKDF2 has already been mentioned  I d like to point out that there was a public password hashing competition that ran from 2013 to 2015  In the end  Argon2 was chosen as the recommended password hashing function   There is a fairly well adopted Java binding for the original  native C  library that you can use   In the average use-case  I don t think it does matter from a security perspective if you choose PBKDF2 over Argon2 or vice-versa  If you have strong security requirements  I recommend considering Argon2 in your evaluation   For further information on the security of password hashing functions see security se

[java] How can I hash a password in Java?

Examples related to java

Examples related to passwords

Examples related to cryptographic-hash-function