In which situation should I use `ZeroSaltGenerator`? The definition says:

> This implementation of SaltGenerator always returns a salt of the required length, filled with zero bytes.

Please explain the concept to me.

Kasun
  • I cannot think of anything other than completeness, testing and compatibility with other implementations. It was probably easy enough to program :) Normally you would use the (default) `RandomSaltGenerator`. It would be useful as IV (as the data encryption key is different anyway for each salt) but it does not seem to be used for that, whatever the class description says. – Maarten Bodewes Apr 22 '14 at 22:19
  • 1. Does `RandomSaltGenerator` save the internally generated salt with the persisted value? – Kasun Apr 22 '14 at 23:09
  • It's only a generator, it won't save the zero bytes it creates. Why should it? It only outputs byte arrays with zero-valued bytes of a certain length. – Maarten Bodewes Apr 22 '14 at 23:12
  • Someone has to save the salt in the back end, isn't it? For example, when saving sensitive data like a credit card number, a security provider like Jasypt must save the credit card number with the salt. If it does not, how is it going to decrypt it internally? – Kasun Apr 22 '14 at 23:21
  • Well, if you are using `ZeroSaltGenerator` you only need to store the number of bytes generated. That can be hard coded. Of course, if you want to have any use for the salt, use `RandomSaltGenerator` - the default - instead. In that case you do need to store the salt. – Maarten Bodewes Apr 22 '14 at 23:27
  • Thanks. My comment was about the `RandomSaltGenerator`, based on your reply. `RandomSaltGenerator` generates the salt randomly. If the default algorithm is PBEWithMD5AndDES, does this save the salt automatically when we save the field to be encrypted? Is there a chance that we can get the generated salt? – Kasun Apr 22 '14 at 23:35
  • Ah, yeah, but that's not handled in the generator itself. Check e.g. the `StandardPBEByteEncryptor`: "This encryptor uses a salt for each encryption operation. The size of the salt depends on the algorithm being used. This salt is used for creating the encryption key and, if generated by a random generator, it is also appended unencrypted at the beginning of the results so that a decryption operation can be performed." These kinds of things are always easy once you know what to search for :P – Maarten Bodewes Apr 22 '14 at 23:39
  • I am using `HibernatePBEStringEncryptor`, which uses `StandardPBEByteEncryptor`. This has interesting settings like `DEFAULT_ALGORITHM = "PBEWithMD5AndDES"`, `DEFAULT_KEY_OBTENTION_ITERATIONS = 1000`, `DEFAULT_SALT_SIZE_BYTES = 8`. 1. As these are final variables, does the size of the salt really depend on the algorithm being used, or is it fixed by this final variable? 2. Also, since this is PBEWithMD5AndDES, I think no one can decrypt the details. How does the decryption process happen? (It may be a vague question.) – Kasun Apr 22 '14 at 23:48
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/51217/discussion-between-owlstead-and-kasun) – Maarten Bodewes Apr 22 '14 at 23:52
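
The salt handling discussed in the comments above, as an added example that is not part of the original thread and is not Jasypt's own code: it uses only the JDK's `javax.crypto` classes with the algorithm, iteration count and salt size quoted in the thread, and shows a zero salt next to a random salt that is prepended unencrypted to the ciphertext. The class name `SaltDemo`, the helper names, the password and the card number are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SaltDemo {
    static final String ALG = "PBEWithMD5AndDES"; // algorithm named in the thread
    static final int ITERATIONS = 1000;           // iteration count quoted in the thread
    static final int SALT_LEN = 8;                // salt size quoted in the thread

    // Derive key and IV from password + salt, then encrypt or decrypt.
    static byte[] run(int mode, char[] pw, byte[] salt, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance(ALG);
        c.init(mode, SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(pw)),
               new PBEParameterSpec(salt, ITERATIONS));
        return c.doFinal(data);
    }

    // Random salt: prepend it unencrypted so decryption can recover it.
    static byte[] encryptRandomSalt(char[] pw, byte[] plain) throws Exception {
        byte[] salt = new byte[SALT_LEN];
        new SecureRandom().nextBytes(salt);
        byte[] ct = run(Cipher.ENCRYPT_MODE, pw, salt, plain);
        byte[] out = Arrays.copyOf(salt, SALT_LEN + ct.length);
        System.arraycopy(ct, 0, out, SALT_LEN, ct.length);
        return out;
    }

    // Split the stored value back into salt and ciphertext before decrypting.
    static byte[] decryptRandomSalt(char[] pw, byte[] msg) throws Exception {
        if (msg.length <= SALT_LEN) throw new IllegalArgumentException("message too short");
        byte[] salt = Arrays.copyOfRange(msg, 0, SALT_LEN);
        return run(Cipher.DECRYPT_MODE, pw, salt, Arrays.copyOfRange(msg, SALT_LEN, msg.length));
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-demo-password".toCharArray();            // constructed sample
        byte[] pan = "4111111111111111".getBytes(StandardCharsets.UTF_8); // constructed test number
        byte[] zero = new byte[SALT_LEN]; // all-zero salt: only its length has to be known
        // Zero salt: the same password and plaintext always give the same ciphertext.
        System.out.println(Arrays.equals(run(Cipher.ENCRYPT_MODE, pw, zero, pan),
                                         run(Cipher.ENCRYPT_MODE, pw, zero, pan)));
        // Random salt: each stored value carries its own salt, so the two outputs differ.
        byte[] a = encryptRandomSalt(pw, pan), b = encryptRandomSalt(pw, pan);
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println(b64.encodeToString(a) + "\n" + b64.encodeToString(b));
        System.out.println(Arrays.equals(pan, decryptRandomSalt(pw, a)));
    }
}
```

With the zero salt, equal plaintexts stored under one password are recognisable as equal from the ciphertext alone; with the random salt, the first 8 bytes of each stored value are the salt needed to decrypt it.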
