2

I need to send to a remote database the SHA-3-512 of a password from an Android application. How could I do that?

Davide Quadrelli
  • 31
  • 2

1 Answers1

0

I am not sure about the difference between the SHA-0 / SHA-1 / SHA-2 / SHA-3, but you can query the available services of a device as the list of available services is device dependent. 

    MessageDigest digest = null;
    try {
      digest = MessageDigest.getInstance("SHA512");
      String password = "password";
      byte[] output = digest.digest( password.getBytes("UTF-8"));
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (UnsupportedEncodingException e) {
      e.printStackTrace();
    }

The getInstance() function checks the list of services. On my Lollipop device it is:

0 = "SecretKeyFactory.PBKDF2WITHHMACSHA1AND8BIT" -> " size = 1"
1 = "Signature.SHA384WITHRSAENCRYPTION" -> " size = 4"
2 = "Cipher.RSA//NOPADDING" -> " size = 1"
3 = "SSLContext.SSLV3" -> " size = 1"
4 = "Cipher.1.2.840.113549.1.5.3" -> " size = 1"
5 = "AlgorithmParameters.1.3.6.1.4.1.22554.1.2.1.2.1.42" -> " size = 1"
6 = "Cipher.AES/CTR/NOPADDING" -> " size = 1"
7 = "Signature.SHA512/ECDSA" -> " size = 1"
8 = "Signature.OID.1.2.840.10045.4.3.2" -> " size = 1"
9 = "Cipher.PBEWITHSHA1ANDDESEDE" -> " size = 1"
10 = "KeyStore.ANDROIDCASTORE" -> " size = 1"
11 = "SecretKeyFactory.1.3.6.1.4.1.22554.1.1.2.1.22" -> " size = 1"
12 = "MessageDigest.SHA-224" -> " size = 2"
13 = "SecretKeyFactory.PBEWITHSHA1ANDDES" -> " size = 1"
14 = "KeyGenerator.1.3.6.1.5.5.8.1.2" -> " size = 1"
15 = "KeyAgreement.DH" -> " size = 1"
16 = "Cipher.DESEDE/CBC/PKCS5PADDING" -> " size = 1"
17 = "AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC" -> " size = 1"
18 = "Cipher.PBEWITHSHA1ANDRC2" -> " size = 1"
19 = "Cipher.PBEWITHSHAAND128BITAES-CBC-BC" -> " size = 1"
20 = "KeyPairGenerator.1.2.840.113549.1.1.1" -> " size = 2"
21 = "KeyPairGenerator.DSA" -> " size = 2"
22 = "Signature.1.2.840.113549.1.1.13" -> " size = 2"
23 = "Mac.1.2.840.113549.2.8" -> " size = 1"
24 = "CertificateFactory.X509" -> " size = 2"
25 = "AlgorithmParameters.1.3.14.3.2.27" -> " size = 1"
26 = "Mac.HMAC-SHA512" -> " size = 2"
27 = "SecretKeyFactory.1.2.840.113549.1.5.6" -> " size = 1"
28 = "Signature.OID.1.2.840.113549.1.1.4" -> " size = 1"
29 = "KeyGenerator.HMAC-MD5" -> " size = 1"
30 = "Signature.1.2.840.113549.2.5WITH1.2.840.113549.1.1.1" -> " size = 1"
31 = "Signature.2.16.840.1.101.3.4.2.3WITH1.2.840.113549.1.1.1" -> " size = 1"
32 = "Signature.SHA512WITHECDSA" -> " size = 4"
33 = "Signature.OID.1.2.840.113549.1.1.5" -> " size = 1"
34 = "SecretKeyFactory.1.2.840.113549.1.12.1.2" -> " size = 1"
35 = "Signature.SHA224/DSA" -> " size = 1"
36 = "SecretKeyFactory.TDEA" -> " size = 1"
37 = "Cipher.AES/CBC/PKCS7PADDING" -> " size = 1"
38 = "SecureRandom.SHA1PRNG" -> " size = 2"
39 = "Signature.OID.1.3.14.3.2.29" -> " size = 1"
40 = "KeyGenerator.1.2.840.113549.2.7" -> " size = 1"
41 = "SecretKeyFactory.PBEWITHHMACSHA" -> " size = 1"
42 = "Mac.HMAC/SHA384" -> " size = 2"
43 = "Signature.OID.1.2.840.10045.4.3.3" -> " size = 1"
44 = "SecretKeyFactory.PBEWITHSHAAND40BITRC4" -> " size = 1"
45 = "AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC" -> " size = 1"
46 = "Mac.HMAC-SHA224" -> " size = 2"
47 = "Cipher.1.2.840.113549.1.12.1.6" -> " size = 1"
48 = "Signature.OID.1.2.840.113549.1.1.14" -> " size = 1"
49 = "CertPathBuilder.PKIX" -> " size = 1"
50 = "Signature.SHA224/ECDSA" -> " size = 1"
51 = "Mac.HMACSHA1" -> " size = 2"
52 = "KeyGenerator.1.2.840.113549.3.4" -> " size = 1"
53 = "KeyGenerator.1.3.6.1.4.1.3029.1.2" -> " size = 1"
54 = "AlgorithmParameters.1.2.840.113549.1.12.1.2" -> " size = 1"
55 = "SecretKeyFactory.PBEWITHSHA1AND128BITAES-CBC-BC" -> " size = 1"
56 = "AlgorithmParameters.2.16.840.1.101.3.4.1.22" -> " size = 1"
57 = "Cipher.PBEWITHSHA1AND192BITAES-CBC-BC" -> " size = 1"
58 = "AlgorithmParameters.OAEP" -> " size = 1"
59 = "Signature.SHA256/DSA" -> " size = 1"
60 = "AlgorithmParameters.PBEWITHSHAAND128BITRC4" -> " size = 1"
61 = "SecretKeyFactory.1.3.6.1.4.1.22554.1.1.2.1.2" -> " size = 1"
62 = "KeyPairGenerator.DH" -> " size = 2"
63 = "MessageDigest.SHA-384" -> " size = 2"
64 = "AlgorithmParameters.1.2.840.10040.4.1" -> " size = 1"
65 = "Cipher.AES/OFB/NOPADDING" -> " size = 1"
66 = "Signature.OID.1.2.840.10045.4.3.4" -> " size = 1"
67 = "Cipher.1.2.840.113549.1.5.10" -> " size = 1"
68 = "KeyGenerator.ARC4" -> " size = 1"
69 = "SecretKeyFactory.PBKDF2WITHHMACSHA1ANDUTF8" -> " size = 1"
70 = "Signature.SHA256/RSA" -> " size = 1"
71 = "AlgorithmParameters.1.2.840.113549.1.12.1.4" -> " size = 1"
72 = "Signature.OID.1.2.840.113549.1.1.11" -> " size = 1"
73 = "Mac.HMAC/MD5" -> " size = 1"
74 = "CertStore.COLLECTION" -> " size = 1"
75 = "AlgorithmParameterGenerator.DH" -> " size = 1"
76 = "Cipher.RSA/NONE/PKCS1PADDING" -> " size = 1"
77 = "MessageDigest.SHA256" -> " size = 2"
78 = "SecretKeyFactory.PBEWITHMD5ANDDES" -> " size = 1"
79 = "AlgorithmParameters.PBEWITHSHAANDRC2" -> " size = 1"
80 = "Signature.ECDSAWITHSHA1" -> " size = 4"
81 = "Signature.SHA256/ECDSA" -> " size = 1"
82 = "KeyGenerator.RC4" -> " size = 1"
83 = "KeyPairGenerator.EC" -> " size = 2"
84 = "AlgorithmParameters.2.16.840.1.101.3.4.1.6" -> " size = 1"
85 = "MessageDigest.SHA-1" -> " size = 2"
86 = "KeyGenerator.HMAC/SHA224" -> " size = 1"
87 = "Cipher.DESEDE/CFB/NOPADDING" -> " size = 1"
88 = "KeyGenerator.1.2.840.113549.2.8" -> " size = 1"
89 = "KeyGenerator.HMACSHA512" -> " size = 1"
90 = "Cipher.1.2.840.113549.1.12.1.2" -> " size = 1"
91 = "AlgorithmParameters.DSA" -> " size = 1"
92 = "Signature.2.16.840.1.101.3.4.2.2WITH1.2.840.10045.2.1" -> " size = 1"
93 = "Cipher.PBEWITHSHA1AND40BITRC2-CBC" -> " size = 1"
94 = "Signature.1.2.840.10040.4.1" -> " size = 1"
95 = "SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC" -> " size = 1"
96 = "Cipher.AES/ECB/NOPADDING" -> " size = 1"
97 = "SecretKeyFactory.PBEWITHSHA-1AND256BITAES-CBC-BC" -> " size = 1"
98 = "AlgorithmParameters.PBEWITHSHA1AND192BITAES-CBC-BC" -> " size = 1"
99 = "Cipher.1.2.840.113549.1.12.1.4" -> " size = 1"

If you specify SHA512 it will return the matches:

0 = "Provider AndroidOpenSSL Service MessageDigest.SHA-512 com.android.org.conscrypt.OpenSSLMessageDigestJDK$SHA512\nAliases [SHA512, 2.16.840.1.101.3.4.2.3] {}"
1 = "Provider BC Service MessageDigest.SHA-512 com.android.org.bouncycastle.jcajce.provider.digest.SHA512$Digest\nAliases [SHA512, 2.16.840.1.101.3.4.2.3] {}"

If your target device doesn't have an appropriate service, you will need to include a Keccak implementation (SHA-3) into your code base. That approach will definitely work on every device, but much more prone to any errors causing serious security issues. You should avoid implementing/updating any security-critical code yourself and rely on the already used and tested solutions/libraries.

Habib
  • 472
  • 4
  • 9
  • SHA-3 is different from the SHA512: i never found the SHA-3 service to use. I think i will try another alghorithm or another solution, because i'm not able to implement the Keccak implementation without making giant errors. Thanks for the help! – Davide Quadrelli Jun 16 '16 at 09:56
  • Have you tried [this](https://github.com/diogovieira/jca-sha3-provider/blob/master/src/com/uminho/Keccak.java) implementation? Maybe a C++ implementation like [this](https://github.com/gvanas/KeccakCodePackage/blob/master/Standalone/CompactFIPS202/Keccak-readable-and-compact.c) through JNI? – Habib Jun 17 '16 at 23:25