public interface PasswordEncryption
Encryption of a user password or passphrase by using a cryptographic one-way hash algorithm.
Message authentication and integrity checking need a hash function that is fast and efficient (producing a different digest for inputs that differ even slightly), whereas the hashing of passwords or passphrases requires robustness and future-proofing against strong attacks that take advantage of ever more powerful hardware and of the password's lifetime. Usually, the hash function used to encrypt a password is based on a standard, well-known cryptographic algorithm: MD5, SHA-1, SHA-256, etc. Unfortunately, these functions are not well suited to encrypting passwords for the reasons explained above; they suffer from recognizability and speed problems. This is why techniques such as salting (a random sequence of bytes that is added to the hash function) and stretching (iterating the hash function many times) should be used to address the weaknesses of these one-way hash functions. (These techniques are usually used by Unix systems in their variations of the above algorithms to encrypt user passwords.) Another, better solution is to use an adaptive key derivation function to encrypt passwords or passphrases, as such functions generate more entropy in the digest computation.
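The salting and stretching described above, shown with the JDK's PBKDF2 as an added example that is not part of this library's code. The class name, the `{PBKDF2}` tag, the `iterations$salt$hash` digest layout and the iteration count are assumptions of the example; method names mirror this interface only for readability.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example (hypothetical class): digest layout is "{PBKDF2}<iterations>$<salt>$<hash>".
public class SaltedStretchedDigest {
    static final String PREFIX = "{PBKDF2}";   // hypothetical scheme tag
    static final int ITERATIONS = 600_000;     // assumed stretching factor; tune to your hardware
    static final int SALT_BYTES = 16, HASH_BITS = 256;

    static String encrypt(String password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);    // fresh random salt for every password
        return encrypt(password, salt, ITERATIONS);
    }

    static String encrypt(String password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, HASH_BITS);
        byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        Base64.Encoder b64 = Base64.getEncoder();
        // Salt and iteration count travel with the digest so it can be re-checked later.
        return PREFIX + iterations + "$" + b64.encodeToString(salt) + "$" + b64.encodeToString(hash);
    }

    static boolean doUnderstandDigest(String digest) {
        return digest != null && digest.startsWith(PREFIX) && digest.split("\\$").length == 3;
    }

    static byte[] getSaltUsedInDigest(String digest) {
        return Base64.getDecoder().decode(digest.split("\\$")[1]);
    }

    // Returns a boolean instead of throwing AssertionError, to keep the example short.
    static boolean matches(String password, String digest) throws Exception {
        if (!doUnderstandDigest(digest)) return false;
        int iterations = Integer.parseInt(digest.substring(PREFIX.length(), digest.indexOf('$')));
        String recomputed = encrypt(password, getSaltUsedInDigest(digest), iterations);
        // Constant-time comparison: does not reveal how many leading bytes matched.
        return MessageDigest.isEqual(recomputed.getBytes(StandardCharsets.UTF_8),
                                     digest.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String d1 = encrypt("correct horse"), d2 = encrypt("correct horse"); // constructed sample password
        System.out.println("digests equal: " + d1.equals(d2));
        System.out.println("right: " + matches("correct horse", d1) + ", wrong: " + matches("wrong horse", d1));
    }
}
```

Because the iteration count is read back from the stored digest, the default can be raised later without invalidating digests that already exist.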
Field Summary | |
---|---|
static String | BAD_PASSWORD_MESSAGE: A format message for the check(String, String) method when the password doesn't match the digest. |
Method Summary | |
---|---|
void | check(String password, String digest): Checks that the specified password matches the specified digest. |
boolean | doUnderstandDigest(String digest): Does this encryption understand the specified digest? |
String | encrypt(String password): Encrypts the specified password by using a random salt (or no salt for some weak algorithms). |
String | encrypt(String password, byte[] salt): Encrypts the specified password by using the specified salt. |
byte[] | getSaltUsedInDigest(String digest): Gets the salt that was used to compute the specified digest. |
Field Detail |
---|
static final String BAD_PASSWORD_MESSAGE
A format message for the check(String, String) method when the password doesn't match the digest. It serves as a template for the error message to be carried by the AssertionError.
Method Detail |
---|
String encrypt(String password)
password - the password to encrypt.

String encrypt(String password, byte[] salt)
password - the password to encrypt.
salt - the salt to use to generate more entropy in the encryption of the password.

void check(String password, String digest) throws AssertionError
password - an unencrypted password.
digest - a digest of a password with which the specified password has to be matched.
AssertionError - if the digest wasn't computed from the specified password.

byte[] getSaltUsedInDigest(String digest)
digest - the digest from which the salt is to be extracted.

boolean doUnderstandDigest(String digest)
digest - the digest to analyse.