- All Implemented Interfaces:
Serializable, Comparable<HashedPassword.Algorithm>
- Enclosing class:
HashedPassword
- See Also:
-
Enum Constant Summary
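| Enum Constant | Description |
| --- | --- |
| CRYPT | Deprecated. UnixCrypt should not be used for any cryptographic purpose, plus this is barely salted and not iterated so is subject to both dictionary and brute-force attacks. |
| MD5 | Deprecated. MD5 should not be used for any cryptographic purpose, plus this is neither salted nor iterated so is subject to both dictionary and brute-force attacks. |
| PBKDF2WITHHMACSHA1 | Deprecated. This was the previous algorithm used. |
| PBKDF2WITHHMACSHA224 | Deprecated. Collision resistance of at least 128 bits is required |
| PBKDF2WITHHMACSHA256 | |
| PBKDF2WITHHMACSHA384 | |
| PBKDF2WITHHMACSHA512 | |
| SHA_1 | Deprecated. SHA-1 should no longer be used for any cryptographic purpose, plus this is neither salted nor iterated so is subject to both dictionary and brute-force attacks. |
-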
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static HashedPassword.Algorithm | findAlgorithm(String algorithmName) | Case-insensitive lookup by algorithm name. |
| byte[] | generateSalt() | Generates a random salt of getSaltBytes() bytes in length using a default SecureRandom instance, which is not a strong instance to avoid blocking. |
| byte[] | generateSalt(SecureRandom secureRandom) | Generates a random salt of getSaltBytes() bytes in length using the provided SecureRandom source. |
| byte[] | generateSalt(Random random) | Deprecated. Please use SecureRandom. |
| | getAlgorithmName | Gets the SecretKeyFactory algorithm name. |
| int | getHashBytes() | Gets the number of bytes required to store the generated hash. |
| int | getMaximumIterations() | Gets the maximum number of iterations allowed or 0 when algorithm is not iterated. |
| int | getMinimumIterations() | Gets the minimum number of iterations allowed or 0 when algorithm is not iterated. |
| int | getRecommendedIterations() | Gets the recommended number of iterations for typical usage or 0 when algorithm is not iterated. |
| int | getSaltBytes() | Gets the number of bytes of cryptographically strong random data that must be used with this algorithm. |
| byte[] | hash | Hash the given password to getHashBytes() bytes. |
| byte[] | hash | Deprecated. Please use hash(com.aoapps.security.Password, byte[], int) so the password may be destroyed. |
| | toString() | |
| <Ex extends Throwable> void | validate(Function<? super String, Ex> newThrowable, byte[] salt, int iterations, byte[] hash) | |
| <Ex extends Throwable> byte[] | validateHash(Function<? super String, Ex> newThrowable, byte[] hash) | |
| <Ex extends Throwable> int | validateIterations(Function<? super String, Ex> newThrowable, int iterations) | |
| <Ex extends Throwable> byte[] | validateSalt(Function<? super String, Ex> newThrowable, byte[] salt) | |
| static HashedPassword.Algorithm | valueOf(String name) | Returns the enum constant of this type with the specified name. |
| static HashedPassword.Algorithm[] | values() | Returns an array containing the constants of this enum type, in the order they are declared. |
-
Enum Constant Details
-
CRYPT
Deprecated. UnixCrypt should not be used for any cryptographic purpose, plus this is barely salted and not iterated so is subject to both dictionary and brute-force attacks.
-
MD5
Deprecated. MD5 should not be used for any cryptographic purpose, plus this is neither salted nor iterated so is subject to both dictionary and brute-force attacks.
-
SHA_1
Deprecated. SHA-1 should no longer be used for any cryptographic purpose, plus this is neither salted nor iterated so is subject to both dictionary and brute-force attacks.
-
PBKDF2WITHHMACSHA1
Deprecated. This was the previous algorithm used. Please use PBKDF2WITHHMACSHA512, which is the current HashedPassword.RECOMMENDED_ALGORITHM, for new passwords.
From https://crackstation.net/hashing-security.htm
-
PBKDF2WITHHMACSHA224
Deprecated. Collision resistance of at least 128 bits is required
-
PBKDF2WITHHMACSHA256
-
PBKDF2WITHHMACSHA384
-
PBKDF2WITHHMACSHA512
-
-
Method Details
-
values
Returns an array containing the constants of this enum type, in the order they are declared.
- Returns:
- an array containing the constants of this enum type, in the order they are declared
-
valueOf
Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
- Parameters:
name - the name of the enum constant to be returned.
- Returns:
- the enum constant with the specified name
- Throws:
IllegalArgumentException - if this enum type has no constant with the specified name
NullPointerException - if the argument is null
-
findAlgorithm
public static HashedPassword.Algorithm findAlgorithm(String algorithmName) throws IllegalArgumentException
Case-insensitive lookup by algorithm name.
- Returns:
- The algorithm or null when algorithmName == null
- Throws:
IllegalArgumentException - when no enum with the given algorithm name (case-insensitive) is found
-
toString
- Overrides:
toString in class Enum<HashedPassword.Algorithm>
-
getAlgorithmName
Gets the SecretKeyFactory algorithm name.
-
getSaltBytes
public int getSaltBytes()
Gets the number of bytes of cryptographically strong random data that must be used with this algorithm.
-
validateSalt
public <Ex extends Throwable> byte[] validateSalt(Function<? super String, Ex> newThrowable, byte[] salt) throws Ex
- Type Parameters:
Ex - An arbitrary exception type that may be thrown
- Throws:
Ex
-
generateSalt
Deprecated. Please use SecureRandom. This method will stay, but will remain deprecated since it should only be used after careful consideration.
Generates a random salt of getSaltBytes() bytes in length using the provided Random source.
- See Also:
-
generateSalt
Generates a random salt of getSaltBytes() bytes in length using the provided SecureRandom source.
- See Also:
-
generateSalt
public byte[] generateSalt()
Generates a random salt of getSaltBytes() bytes in length using a default SecureRandom instance, which is not a strong instance to avoid blocking.
- See Also:
-
getMinimumIterations
public int getMinimumIterations()
Gets the minimum number of iterations allowed or 0 when algorithm is not iterated.
-
getMaximumIterations
public int getMaximumIterations()
Gets the maximum number of iterations allowed or 0 when algorithm is not iterated.
-
getRecommendedIterations
public int getRecommendedIterations()
Gets the recommended number of iterations for typical usage or 0 when algorithm is not iterated.
We may change this value between releases without notice. Only use this value for new password hashes. Always store the iterations with the salt and hash, and use the stored iterations when checking password matches.
It is recommended to re-hash a password during login when the recommended iterations has changed.
This value is selected to complete the hashing in around 100 ms on commodity PC hardware from around the year 2012.
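The storage and re-hash-on-login guidance above, as an added example (not code from the original page or from the com.aoapps.security project): it uses only the JDK's SecretKeyFactory PBKDF2 implementation, and the class name, record layout, salt and hash sizes, and iteration counts are assumptions chosen for illustration. It needs Java 16 or later for the record syntax.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class RehashOnLogin {
  // Assumed values for illustration; the page does not state the library's numbers.
  static final String KDF = "PBKDF2WithHmacSHA512";
  static final int SALT_BYTES = 32, HASH_BYTES = 64;
  static int recommendedIterations = 100_000; // may be raised between releases

  /** Stored credential: the iteration count is kept with the salt and hash. */
  record Stored(byte[] salt, int iterations, byte[] hash) {}

  static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws GeneralSecurityException {
    PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, HASH_BYTES * 8);
    try {
      return SecretKeyFactory.getInstance(KDF).generateSecret(spec).getEncoded();
    } finally {
      spec.clearPassword(); // wipe the spec's internal copy of the password
    }
  }

  static Stored create(char[] password) throws GeneralSecurityException {
    byte[] salt = new byte[SALT_BYTES];
    new SecureRandom().nextBytes(salt); // default instance, not getInstanceStrong()
    return new Stored(salt, recommendedIterations, pbkdf2(password, salt, recommendedIterations));
  }

  /** Returns null on mismatch, the same record if current, or a re-hashed record if outdated. */
  static Stored login(Stored stored, char[] password) throws GeneralSecurityException {
    try {
      // Verify with the STORED iteration count, never the current recommendation.
      byte[] candidate = pbkdf2(password, stored.salt(), stored.iterations());
      if (!MessageDigest.isEqual(candidate, stored.hash())) return null; // constant-time compare
      return stored.iterations() == recommendedIterations ? stored : create(password);
    } finally {
      java.util.Arrays.fill(password, '\0'); // destroy the caller's password array
    }
  }

  public static void main(String[] args) throws GeneralSecurityException {
    Stored old = create("correct horse".toCharArray()); // constructed sample password
    recommendedIterations = 200_000; // simulate a release that raises the recommendation
    Stored upgraded = login(old, "correct horse".toCharArray());
    System.out.println(upgraded != old && upgraded.iterations() == 200_000);
    System.out.println(login(upgraded, "wrong guess".toCharArray()) == null);
  }
}
```

A caller that gets back a record different from the one it passed in should persist the new salt, iterations and hash in place of the old ones.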
- See Also:
-
validateIterations
public <Ex extends Throwable> int validateIterations(Function<? super String, Ex> newThrowable, int iterations) throws Ex
- Type Parameters:
Ex - An arbitrary exception type that may be thrown
- Throws:
Ex
-
getHashBytes
public int getHashBytes()
Gets the number of bytes required to store the generated hash.
-
validateHash
public <Ex extends Throwable> byte[] validateHash(Function<? super String, Ex> newThrowable, byte[] hash) throws Ex
- Type Parameters:
Ex - An arbitrary exception type that may be thrown
- Throws:
Ex
-
validate
public <Ex extends Throwable> void validate(Function<? super String, Ex> newThrowable, byte[] salt, int iterations, byte[] hash) throws Ex
- Type Parameters:
Ex - An arbitrary exception type that may be thrown
- Throws:
Ex
-
hash
Hash the given password to getHashBytes() bytes.
- Parameters:
password - Is destroyed before this method returns. If the original password is needed, pass a clone to this method.
- See Also:
-
hash
Deprecated. Please use hash(com.aoapps.security.Password, byte[], int) so the password may be destroyed.
Hash the given password to getHashBytes() bytes.
- See Also:
-