org.silverpeas.authentication.encryption
Class UnixSHA512Encryption

java.lang.Object
  extended by org.silverpeas.authentication.encryption.UnixSHA512Encryption
All Implemented Interfaces:
PasswordEncryption

public class UnixSHA512Encryption
extends Object
implements PasswordEncryption

A variation of the SHA-512 algorithm (Secure Hash Algorithm) as used in current Unix systems for hashing passwords.

This version uses salting and stretching to perturb the algorithm in different ways, making it less vulnerable to attacks. It computes a base64-encoded digest of at most 123 characters from a salt and an unencrypted password; the SHA-512 encrypted password in the digest is fixed at 86 characters.

The UnixSHA512Encryption class is based upon the new-generation, scalable, SHA-512-based Unix 'crypt' algorithm developed by a group of engineers from Red Hat, Sun, IBM, and HP for common use in Unix and Linux.

The Linux glibc library (starting at version 2.7) includes support for validating passwords hashed using this algorithm.

The algorithm itself was released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. A discussion of the rationale and development of this algorithm is at http://people.redhat.com/drepper/sha-crypt.html and the specification and a sample C language implementation are at http://people.redhat.com/drepper/SHA-crypt.txt


Field Summary
 
Fields inherited from interface org.silverpeas.authentication.encryption.PasswordEncryption
BAD_PASSWORD_MESSAGE
 
Constructor Summary
UnixSHA512Encryption()
           
 
Method Summary
 void check(String password, String digest)
          Checks that the specified password matches the specified digest.
 boolean doUnderstandDigest(String digest)
          Does this encryption understand the specified digest?
 String encrypt(String password)
          Encrypts the specified password by using a random salt (or no salt for some weak algorithms).
 String encrypt(String password, byte[] salt)
          Encrypts the specified password by using the specified salt.
 byte[] getSaltUsedInDigest(String digest)
          Gets the salt that was used to compute the specified digest.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UnixSHA512Encryption

public UnixSHA512Encryption()
Method Detail

encrypt

public String encrypt(String password)
Encrypts the specified password by using a random salt (or no salt for some weak algorithms).

Specified by:
encrypt in interface PasswordEncryption
Parameters:
password - the password to encrypt.
Returns:
a digest of the password.

encrypt

public String encrypt(String password,
                      byte[] salt)
Encrypts the specified password by using the specified salt. If the salt is null or empty, then a random salt is computed.

Specified by:
encrypt in interface PasswordEncryption
Parameters:
password - the password to encrypt.
salt - the salt to use to generate more entropy in the encryption of the password.
Returns:
a digest of the password.

check

public void check(String password,
                  String digest)
           throws AssertionError
Checks that the specified password matches the specified digest.

Specified by:
check in interface PasswordEncryption
Parameters:
password - an unencrypted password.
digest - a digest of a password with which the specified password has to be matched.
Throws:
AssertionError - if the digest wasn't computed from the specified password.

getSaltUsedInDigest

public byte[] getSaltUsedInDigest(String digest)
Gets the salt that was used to compute the specified digest.

Depending on the cryptographic algorithm that computed the digest, the salt used in the encryption can be retrieved from the digest itself. If the salt cannot be determined, an empty one is returned.

If the digest cannot be analysed by this encryption, an IllegalArgumentException is thrown.

Specified by:
getSaltUsedInDigest in interface PasswordEncryption
Parameters:
digest - the digest from which the salt has to be extracted.
Returns:
the salt or nothing (an empty salt) if it cannot be extracted from the digest.

doUnderstandDigest

public boolean doUnderstandDigest(String digest)
Does this encryption understand the specified digest? An encryption usually understands the digests it has itself generated. This method is used to identify the encryption that computed a given digest.

Specified by:
doUnderstandDigest in interface PasswordEncryption
Parameters:
digest - the digest to analyse.
Returns:
true if the specified digest was computed by this encryption, false if it doesn't understand it (either the encryption hasn't generated the digest or it cannot analyse it).
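
The digest layout behind doUnderstandDigest and getSaltUsedInDigest, and the 123-character maximum given in the class description, can be seen in the following added example. It is not Silverpeas code: the class Sha512CryptDigest and its members are hypothetical, and it assumes the "$6$[rounds=N$]salt$hash" layout of Drepper's specification with the salt restricted to the crypt alphabet.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper (not a Silverpeas class): parses "$6$[rounds=N$]salt$hash". */
public class Sha512CryptDigest {
  // "$6$" marks SHA-512 crypt; "rounds=N$" is optional; the salt is at most 16
  // characters; the hash is always 86 characters of the alphabet ./0-9A-Za-z.
  // Assumption: the salt is limited to that same alphabet, which is stricter
  // than the specification requires.
  private static final Pattern FORMAT = Pattern.compile(
      "\\$6\\$(?:rounds=(\\d{1,9})\\$)?([./0-9A-Za-z]{0,16})\\$([./0-9A-Za-z]{86})");
  static final int DEFAULT_ROUNDS = 5000; // used by crypt when no rounds field is present
  // "$6$" (3) + "rounds=999999999$" (17) + salt (16) + "$" (1) + hash (86) = 123
  static final int MAX_LENGTH = 3 + 17 + 16 + 1 + 86;

  final int rounds;
  final byte[] salt;
  final String hash;

  private Sha512CryptDigest(int rounds, byte[] salt, String hash) {
    this.rounds = rounds;
    this.salt = salt;
    this.hash = hash;
  }

  /** True only for a well-formed SHA-512 crypt digest. */
  static boolean understands(String digest) {
    return digest != null && digest.length() <= MAX_LENGTH
        && FORMAT.matcher(digest).matches();
  }

  /** Splits the digest into its fields; rejects anything in another format. */
  static Sha512CryptDigest parse(String digest) {
    Matcher m = digest == null ? null : FORMAT.matcher(digest);
    if (m == null || digest.length() > MAX_LENGTH || !m.matches()) {
      throw new IllegalArgumentException("not a SHA-512 crypt digest");
    }
    int rounds = m.group(1) == null ? DEFAULT_ROUNDS : Integer.parseInt(m.group(1));
    return new Sha512CryptDigest(rounds,
        m.group(2).getBytes(StandardCharsets.US_ASCII), m.group(3));
  }

  public static void main(String[] args) {
    String hash = "A".repeat(86); // constructed placeholder, not a real hash (Java 11+)
    Sha512CryptDigest d = parse("$6$rounds=10000$saltsaltsaltsalt$" + hash);
    System.out.println(d.rounds + " rounds, salt of " + d.salt.length + " bytes");
    System.out.println(understands("$5$saltsalt$" + hash)); // wrong prefix ($5$ is SHA-256 crypt)
    System.out.println(understands("$6$salt$" + hash.substring(1))); // hash one character short
  }
}
```

Because the salt and the round count travel inside the digest, a stored digest is all that is needed to recompute and compare a candidate password.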


Copyright © 2016 Silverpeas. All Rights Reserved.