2

I am fairly new to cryptography and I am using BouncyCasetle API to encrypt password and store it in the database. For encryption I am using SHA-1 algorithm and I want to salt the password to prevent it agains dictionary attacks.

Any help would be appreciated.

Saro Taşciyan
  • 5,210
  • 5
  • 31
  • 50
cheddarDev
  • 232
  • 1
  • 7
  • 22
  • 1
    What have you tried so far? And I assume that you are planning to store a hash which would be one-way rather than actually encrypting. – Teresa Carrigan Feb 04 '14 at 23:03
  • The problem is I cannot find a correct documentation where in I can understand whats happening using BouncyCastle I have been trying to use PBEParametersGenerator and use its pbeParamGen.init(passwordBytes, salt, iterations); – cheddarDev Feb 04 '14 at 23:06
  • Also consider to use the SRP-Protocol (Secure Remote Password Protocol) instead of storing hashed passwords. – Puce Feb 04 '14 at 23:07
  • @Puce, thanks for the heads-up on SRP. I'm frankly shocked I hadn't heard of it yet. – Jeffrey Hantin Feb 04 '14 at 23:44

2 Answers2

9

I'd recommend use of a Password-Based Key Derivation Function instead of a basic hash function for this. Something like this:

// tuning parameters

// these sizes are relatively arbitrary
int seedBytes = 20;
int hashBytes = 20;

// increase iterations as high as your performance can tolerate
// since this increases computational cost of password guessing
// which should help security
int iterations = 1000;

// to save a new password:

SecureRandom rng = new SecureRandom();
byte[] salt = rng.generateSeed(seedBytes);

Pkcs5S2ParametersGenerator kdf = new Pkcs5S2ParametersGenerator();
kdf.init(passwordToSave.getBytes("UTF-8"), salt, iterations);

byte[] hash =
    ((KeyParameter) kdf.generateDerivedMacParameters(8*hashBytes)).getKey();

// now save salt and hash

// to check a password, given the known previous salt and hash:

kdf = new Pkcs5S2ParametersGenerator();
kdf.init(passwordToCheck.getBytes("UTF-8"), salt, iterations);

byte[] hashToCheck =
    ((KeyParameter) kdf.generateDerivedMacParameters(8*hashBytes)).getKey();

// if the bytes of hashToCheck don't match the bytes of hash
// that means the password is invalid
Jeffrey Hantin
  • 35,734
  • 7
  • 75
  • 94
  • while storing into the database, should I encode the byteArray using Base64 and while getting back should I decode using the same used Base64? The password being varchar cannot store byteArray and I am finding difficulties in storing the values into varbinary. – cheddarDev Feb 04 '14 at 23:46
  • @Zingo, Base64 is exactly intended for stuffing binary data into character fields. However, **do not** perform the hash equality check inside your SQL database, since Base64 is case-sensitive and `varchar` types often are not. Instead, since you have to retrieve the row to get `salt` anyway, fetch `hash` at the same time and do the comparison in Java. – Jeffrey Hantin Feb 04 '14 at 23:53
  • Thanks (: for your inputs I just checked it did work thanks any links you can provide where I can have a thorough documentation of the API's used in BouncyCastle. – cheddarDev Feb 05 '14 at 00:40
  • @Zingo, are you looking for the [javadoc](http://www.bouncycastle.org/docs/docs1.5on/index.html) or the [guide](http://www.cryptoworkshop.com/guide/)? – Jeffrey Hantin Feb 05 '14 at 01:24
  • thanks I was looking for some Guide. Thanks a ton again for you inputs :) – cheddarDev Feb 05 '14 at 02:28
0

Well what you could do is get a:

StringBuilder salt=new StringBuilder();
salt.append("MySuperSecretSalt");
MessageDigest md = MessageDigest.getInstance("SHA-256");
String text = "This is text to hash";
salt.append(text);    
md.update(salt.toString().getBytes("UTF-8")); // Change this to "UTF-16" if needed
byte[] digest = md.digest();

Your, digest now contains the hash of your string+salt so it help with protecting against rainbow tables.

Iszlai Lehel
  • 233
  • 3
  • 11
  • 3
    *Nota bene:* using a constant string essentially defeats the purpose of a salt. The salt needs to be unique for each hashed password in order to prevent a single password guess from being mass-compared to the entire table. – Jeffrey Hantin Feb 04 '14 at 23:22
  • Hi, Thanks for your inputs, I have to use BouncyCastle API is there any document that you can point me to where in I can get the same equivalent of the code that you just used. – cheddarDev Feb 04 '14 at 23:25
  • @JeffreyHantin I will be generating random salt and storing the same salt so that I can use it for decrypting when needed. Is that the right approach? – cheddarDev Feb 04 '14 at 23:26
  • @JeffreyHantin You are right ,i just wanted to show an easy example. Cheers – Iszlai Lehel Feb 04 '14 at 23:27
  • 1
    @Zingo if you wan't to decode the data ,that you don't want to use hash-es you should be using something like AES ,with a secure key that you could get from a hash for example. – Iszlai Lehel Feb 04 '14 at 23:29