- All Implemented Interfaces:
Serializable
- Author:
- AO Industries, Inc.
- See Also:
-
Nested Class Summary
-
Field Summary
Modifier and TypeFieldDescriptionstatic final int
Deprecated.static final HashedPassword
A singleton that must be used in places where no password is set.static final String
Indicates that no password is set.static final HashedPassword.Algorithm
The algorithm recommended for use with new passwords.static final int
Deprecated.This is the value matching the previous default algorithm, please useHashedPassword.Algorithm.getRecommendedIterations()
instead.static final int
Deprecated.This is the value matching the previous default algorithm, please useHashedPassword.Algorithm.getSaltBytes()
instead. -
Constructor Summary
ConstructorDescriptionHashedPassword
(byte[] salt, int iterations, byte[] hash) Deprecated.This represents a hash using the previous default algorithm, please useHashedPassword(com.aoapps.security.Password)
,HashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm)
, orHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int)
instead.HashedPassword
(HashedPassword.Algorithm algorithm, byte[] salt, int iterations, byte[] hash) Deprecated.Please usevalueOf(com.aoapps.security.HashedPassword.Algorithm, byte[], int, byte[])
, which is able to automatically return theNO_PASSWORD
singleton.HashedPassword
(Password password) Creates a new hashed password using the recommended algorithm, a random salt, and the recommended iterations using a defaultSecureRandom
instance, which is not a strong instance to avoid blocking.HashedPassword
(Password password, HashedPassword.Algorithm algorithm) Creates a new hashed password using the given algorithm, a random salt, and the recommended iterations using a defaultSecureRandom
instance, which is not a strong instance to avoid blocking.HashedPassword
(Password password, HashedPassword.Algorithm algorithm, byte[] salt, int iterations) Creates a new hashed password using the given algorithm, salt, and iterations.HashedPassword
(Password password, HashedPassword.Algorithm algorithm, int iterations) Creates a new hashed password using the given algorithm, a random salt, and the given iterations using a defaultSecureRandom
instance, which is not a strong instance to avoid blocking.HashedPassword
(Password password, HashedPassword.Algorithm algorithm, int iterations, SecureRandom secureRandom) Creates a new hashed password using the given algorithm, a random salt, and the given iterations using the providedSecureRandom
source.HashedPassword
(Password password, HashedPassword.Algorithm algorithm, int iterations, Random random) Deprecated.Please useSecureRandom
.HashedPassword
(Password password, HashedPassword.Algorithm algorithm, SecureRandom secureRandom) Creates a new hashed password using the given algorithm, a random salt, and the recommended iterations using the providedSecureRandom
source.HashedPassword
(Password password, HashedPassword.Algorithm algorithm, Random random) Deprecated.Please useSecureRandom
.HashedPassword
(Password password, SecureRandom secureRandom) Creates a new hashed password using the recommended algorithm, a random salt, and the recommended iterations using the providedSecureRandom
source.HashedPassword
(Password password, Random random) Deprecated.Please useSecureRandom
.HashedPassword
(String password) Deprecated.Please useHashedPassword(com.aoapps.security.Password)
so the password may be destroyed.HashedPassword
(String password, HashedPassword.Algorithm algorithm) Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm)
so the password may be destroyed.HashedPassword
(String password, HashedPassword.Algorithm algorithm, byte[] salt, int iterations) Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, byte[], int)
so the password may be destroyed.HashedPassword
(String password, HashedPassword.Algorithm algorithm, int iterations) Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int)
so the password may be destroyed.HashedPassword
(String password, HashedPassword.Algorithm algorithm, int iterations, SecureRandom secureRandom) Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int, java.security.SecureRandom)
so the password may be destroyed.HashedPassword
(String password, HashedPassword.Algorithm algorithm, int iterations, Random random) Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int, java.util.Random)
so the password may be destroyed.HashedPassword
(String password, HashedPassword.Algorithm algorithm, SecureRandom secureRandom) Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, java.security.SecureRandom)
so the password may be destroyed.HashedPassword
(String password, HashedPassword.Algorithm algorithm, Random random) Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, java.util.Random)
so the password may be destroyed.HashedPassword
(String password, SecureRandom secureRandom) Deprecated.Please useHashedPassword(com.aoapps.security.Password, java.security.SecureRandom)
so the password may be destroyed.HashedPassword
(String password, Random random) Deprecated.Please useHashedPassword(com.aoapps.security.Password, java.util.Random)
so the password may be destroyed.HashedPassword
(PBEKey pbeKey) Creates a new hashed password using the given algorithm, salt, and iterations. -
Method Summary
Modifier and TypeMethodDescriptionboolean
Checks if equal to another hashed password, alwaysfalse
when either isNO_PASSWORD
.static byte[]
Deprecated.This generates a salt for the previous default algorithm, please useHashedPassword.Algorithm.generateSalt()
,HashedPassword(com.aoapps.security.Password)
,HashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm)
,HashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int)
instead.byte[]
getHash()
int
byte[]
getSalt()
static byte[]
Deprecated.This generates a hash for the previous default algorithm and does not allow the password to be destroyed, please useHashedPassword.Algorithm.hash(com.aoapps.security.Password, byte[], int)
,HashedPassword(com.aoapps.security.Password)
,HashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm)
,HashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int)
instead.int
hashCode()
The hash code is taken from the last 32 bits of the hash.boolean
It is recommended to rehash the password during login when the recommended settings are stronger than the settings used in the previous hashing.static void
boolean
Checks if this matches the provided password, alwaysfalse
when isNO_PASSWORD
.boolean
Deprecated.Please usematches(com.aoapps.security.Password)
so the password may be destroyed.toString()
Gets the string representation of the hashed password.static HashedPassword
valueOf
(HashedPassword.Algorithm algorithm, byte[] salt, int iterations, byte[] hash) Restores aHashedPassword
from its individual fields.static HashedPassword
Parses the result oftoString()
.
-
Field Details
-
NO_PASSWORD_VALUE
Indicates that no password is set.This matches a value often used in
/etc/shadow
when the user has no password set (although!
is also commonly used for this purpose).This is also used as the value used for filtered data in the AOServ Protocol.
- See Also:
-
RECOMMENDED_ALGORITHM
The algorithm recommended for use with new passwords. This may change at any time, but previous algorithms will remain supported.It is recommended to re-hash a password during login when the recommended algorithm has changed.
-
SALT_BYTES
Deprecated.This is the value matching the previous default algorithm, please useHashedPassword.Algorithm.getSaltBytes()
instead.The number of bytes in the random salt.- See Also:
-
HASH_BYTES
Deprecated.This is the value matching the previous default algorithm, please useHashedPassword.Algorithm.getHashBytes()
instead.The number of bytes in the hash.- See Also:
-
RECOMMENDED_ITERATIONS
Deprecated.This is the value matching the previous default algorithm, please useHashedPassword.Algorithm.getRecommendedIterations()
instead. -
NO_PASSWORD
A singleton that must be used in places where no password is set.
-
-
Constructor Details
-
HashedPassword
@Deprecated public HashedPassword(HashedPassword.Algorithm algorithm, byte[] salt, int iterations, byte[] hash) throws IllegalArgumentException Deprecated.Please usevalueOf(com.aoapps.security.HashedPassword.Algorithm, byte[], int, byte[])
, which is able to automatically return theNO_PASSWORD
singleton.- Parameters:
algorithm
- The algorithm previously used to hash the passworditerations
- The number of has iterations- Throws:
IllegalArgumentException
- whensalt.length != algorithm.getSaltBytes()
orhash.length != algorithm.getHashBytes()
oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
@Deprecated public HashedPassword(byte[] salt, int iterations, byte[] hash) throws IllegalArgumentException Deprecated.This represents a hash using the previous default algorithm, please useHashedPassword(com.aoapps.security.Password)
,HashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm)
, orHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int)
instead.- Parameters:
iterations
- The number of has iterations- Throws:
IllegalArgumentException
- whensalt.length != SALT_BYTES
orhash.length != HASH_BYTES
oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
public HashedPassword(Password password, HashedPassword.Algorithm algorithm, byte[] salt, int iterations) throws IllegalArgumentException Creates a new hashed password using the given algorithm, salt, and iterations.- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.algorithm
- The algorithm previously used to hash the passworditerations
- The number of has iterations- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
onsalt.length != algorithm.getSaltBytes()
oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
@Deprecated public HashedPassword(String password, HashedPassword.Algorithm algorithm, byte[] salt, int iterations) throws IllegalArgumentException Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, byte[], int)
so the password may be destroyed.Creates a new hashed password using the given algorithm, salt, and iterations.- Parameters:
algorithm
- The algorithm previously used to hash the passworditerations
- The number of has iterations- Throws:
IllegalArgumentException
- whenpassword == null || password.isEmpty()
or password only contains(char)0
(conflicts with destroyed passwords) onsalt.length != algorithm.getSaltBytes()
oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
Creates a new hashed password using the given algorithm, salt, and iterations.- Parameters:
pbeKey
- Is not destroyed, the caller should destroy thePBEKey
if not longer required.- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
onsalt.length != algorithm.getSaltBytes()
oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
@Deprecated public HashedPassword(Password password, HashedPassword.Algorithm algorithm, int iterations, Random random) throws IllegalArgumentException Deprecated.Please useSecureRandom
. This method will stay, but will remain deprecated since it should only be used after careful consideration.Creates a new hashed password using the given algorithm, a random salt, and the given iterations using the providedRandom
source.- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.algorithm
- The algorithm previously used to hash the passworditerations
- The number of has iterations- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
public HashedPassword(Password password, HashedPassword.Algorithm algorithm, int iterations, SecureRandom secureRandom) throws IllegalArgumentException Creates a new hashed password using the given algorithm, a random salt, and the given iterations using the providedSecureRandom
source.- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.algorithm
- The algorithm previously used to hash the passworditerations
- The number of has iterations- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
@Deprecated public HashedPassword(String password, HashedPassword.Algorithm algorithm, int iterations, Random random) throws IllegalArgumentException Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int, java.util.Random)
so the password may be destroyed.Please use
SecureRandom
. This method should only be used after careful consideration.Creates a new hashed password using the given algorithm, a random salt, and the given iterations using the providedRandom
source.- Parameters:
algorithm
- The algorithm previously used to hash the passworditerations
- The number of has iterations- Throws:
IllegalArgumentException
- whenpassword == null || password.isEmpty()
or password only contains(char)0
(conflicts with destroyed passwords) oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
@Deprecated public HashedPassword(String password, HashedPassword.Algorithm algorithm, int iterations, SecureRandom secureRandom) throws IllegalArgumentException Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int, java.security.SecureRandom)
so the password may be destroyed.Creates a new hashed password using the given algorithm, a random salt, and the given iterations using the providedSecureRandom
source.- Parameters:
algorithm
- The algorithm previously used to hash the passworditerations
- The number of has iterations- Throws:
IllegalArgumentException
- whenpassword == null || password.isEmpty()
or password only contains(char)0
(conflicts with destroyed passwords) oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
public HashedPassword(Password password, HashedPassword.Algorithm algorithm, int iterations) throws IllegalArgumentException Creates a new hashed password using the given algorithm, a random salt, and the given iterations using a defaultSecureRandom
instance, which is not a strong instance to avoid blocking.- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.algorithm
- The algorithm previously used to hash the passworditerations
- The number of has iterations- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
@Deprecated public HashedPassword(String password, HashedPassword.Algorithm algorithm, int iterations) throws IllegalArgumentException Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int)
so the password may be destroyed.Creates a new hashed password using the given algorithm, a random salt, and the given iterations using a defaultSecureRandom
instance, which is not a strong instance to avoid blocking.- Parameters:
algorithm
- The algorithm previously used to hash the passworditerations
- The number of has iterations- Throws:
IllegalArgumentException
- whenpassword == null || password.isEmpty()
or password only contains(char)0
(conflicts with destroyed passwords) oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
HashedPassword
@Deprecated public HashedPassword(Password password, HashedPassword.Algorithm algorithm, Random random) throws IllegalArgumentException Deprecated.Please useSecureRandom
. This method will stay, but will remain deprecated since it should only be used after careful consideration.Creates a new hashed password using the given algorithm, a random salt, and the recommended iterations using the providedRandom
source.- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
-
HashedPassword
public HashedPassword(Password password, HashedPassword.Algorithm algorithm, SecureRandom secureRandom) throws IllegalArgumentException Creates a new hashed password using the given algorithm, a random salt, and the recommended iterations using the providedSecureRandom
source.- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
-
HashedPassword
@Deprecated public HashedPassword(String password, HashedPassword.Algorithm algorithm, Random random) throws IllegalArgumentException Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, java.util.Random)
so the password may be destroyed.Please use
SecureRandom
. This method should only be used after careful consideration.Creates a new hashed password using the given algorithm, a random salt, and the recommended iterations using the providedRandom
source.- Throws:
IllegalArgumentException
- whenpassword == null || password.isEmpty()
or password only contains(char)0
(conflicts with destroyed passwords)
-
HashedPassword
@Deprecated public HashedPassword(String password, HashedPassword.Algorithm algorithm, SecureRandom secureRandom) throws IllegalArgumentException Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, java.security.SecureRandom)
so the password may be destroyed.Creates a new hashed password using the given algorithm, a random salt, and the recommended iterations using the providedSecureRandom
source.- Throws:
IllegalArgumentException
- whenpassword == null || password.isEmpty()
or password only contains(char)0
(conflicts with destroyed passwords)
-
HashedPassword
public HashedPassword(Password password, HashedPassword.Algorithm algorithm) throws IllegalArgumentException Creates a new hashed password using the given algorithm, a random salt, and the recommended iterations using a defaultSecureRandom
instance, which is not a strong instance to avoid blocking.- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
-
HashedPassword
@Deprecated public HashedPassword(String password, HashedPassword.Algorithm algorithm) throws IllegalArgumentException Deprecated.Please useHashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm)
so the password may be destroyed.Creates a new hashed password using the given algorithm, a random salt, and the recommended iterations using a defaultSecureRandom
instance, which is not a strong instance to avoid blocking.- Throws:
IllegalArgumentException
- whenpassword == null || password.isEmpty()
or password only contains(char)0
(conflicts with destroyed passwords)
-
HashedPassword
Deprecated.Please useSecureRandom
. This method will stay, but will remain deprecated since it should only be used after careful consideration.Creates a new hashed password using the recommended algorithm, a random salt, and the recommended iterations using the providedRandom
source.- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
-
HashedPassword
Creates a new hashed password using the recommended algorithm, a random salt, and the recommended iterations using the providedSecureRandom
source.- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
-
HashedPassword
Deprecated.Please useHashedPassword(com.aoapps.security.Password, java.util.Random)
so the password may be destroyed.Please use
SecureRandom
. This method should only be used after careful consideration.Creates a new hashed password using the recommended algorithm, a random salt, and the recommended iterations using the providedRandom
source.- Throws:
IllegalArgumentException
- whenpassword == null || password.isEmpty()
or password only contains(char)0
(conflicts with destroyed passwords)
-
HashedPassword
@Deprecated public HashedPassword(String password, SecureRandom secureRandom) throws IllegalArgumentException Deprecated.Please useHashedPassword(com.aoapps.security.Password, java.security.SecureRandom)
so the password may be destroyed.Creates a new hashed password using the recommended algorithm, a random salt, and the recommended iterations using the providedSecureRandom
source.- Throws:
IllegalArgumentException
- whenpassword == null || password.isEmpty()
or password only contains(char)0
(conflicts with destroyed passwords)
-
HashedPassword
Creates a new hashed password using the recommended algorithm, a random salt, and the recommended iterations using a defaultSecureRandom
instance, which is not a strong instance to avoid blocking.- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.- Throws:
IllegalArgumentException
- whenpassword == null || password.isDestroyed()
-
HashedPassword
Deprecated.Please useHashedPassword(com.aoapps.security.Password)
so the password may be destroyed.Creates a new hashed password using the recommended algorithm, a random salt, and the recommended iterations using a defaultSecureRandom
instance, which is not a strong instance to avoid blocking.- Throws:
IllegalArgumentException
- whenpassword == null || password.isEmpty()
or password only contains(char)0
(conflicts with destroyed passwords)
-
-
Method Details
-
generateSalt
Deprecated.This generates a salt for the previous default algorithm, please useHashedPassword.Algorithm.generateSalt()
,HashedPassword(com.aoapps.security.Password)
,HashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm)
,HashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int)
instead.Generates a random salt ofSALT_BYTES
bytes in length using a defaultSecureRandom
instance, which is not a strong instance to avoid blocking.- See Also:
-
hash
Deprecated.This generates a hash for the previous default algorithm and does not allow the password to be destroyed, please useHashedPassword.Algorithm.hash(com.aoapps.security.Password, byte[], int)
,HashedPassword(com.aoapps.security.Password)
,HashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm)
,HashedPassword(com.aoapps.security.Password, com.aoapps.security.HashedPassword.Algorithm, int)
instead.Hash the given password.- See Also:
-
valueOf
Parses the result oftoString()
.- Parameters:
hashedPassword
- whennull
, returnsnull
- Throws:
IllegalArgumentException
-
valueOf
public static HashedPassword valueOf(HashedPassword.Algorithm algorithm, byte[] salt, int iterations, byte[] hash) throws IllegalArgumentException Restores aHashedPassword
from its individual fields. This is useful for reading the object from a database, for example.- Parameters:
algorithm
- The algorithm previously used to hash the passworditerations
- The number of has iterations- Throws:
IllegalArgumentException
- whensalt.length != algorithm.getSaltBytes()
orhash.length != algorithm.getHashBytes()
oriterations < algorithm.getMinimumIterations()
oriterations > algorithm.getMaximumIterations()
-
toString
Gets the string representation of the hashed password. The format is subject to change over time, but will maintain backward compatibility.Please see
valueOf(java.lang.String)
for the inverse operation. -
equals
Checks if equal to another hashed password, alwaysfalse
when either isNO_PASSWORD
.Performs comparisons in length-constant time. https://crackstation.net/hashing-security.htm
-
hashCode
public int hashCode()The hash code is taken from the last 32 bits of the hash. The last 32 bits are selected because the first bits might include zero padding when the hash length is not a multiple ofByte.SIZE
. -
getAlgorithm
-
getSalt
public byte[] getSalt()- Returns:
- Defensive copy
-
getIterations
public int getIterations() -
getHash
public byte[] getHash()- Returns:
- Defensive copy
-
matches
Checks if this matches the provided password, alwaysfalse
when isNO_PASSWORD
.When verifying a user's password, please check
isRehashRecommended()
then either set the same password again or, ideally, generate a new password or prompt the user to reset their password. This will allow the stored passwords to keep up with encryption improvements.Performs comparisons in length-constant time. https://crackstation.net/hashing-security.htm
- Parameters:
password
- Is destroyed before this method returns. If the original password is needed, pass a clone to this method.- See Also:
-
matches
Deprecated.Please usematches(com.aoapps.security.Password)
so the password may be destroyed.Checks if this matches the provided password, alwaysfalse
when isNO_PASSWORD
.When verifying a user's password, please check
isRehashRecommended()
then either set the same password again or, ideally, generate a new password or prompt the user to reset their password. This will allow the stored passwords to keep up with encryption improvements.Performs comparisons in length-constant time. https://crackstation.net/hashing-security.htm
- See Also:
-
isRehashRecommended
public boolean isRehashRecommended()It is recommended to rehash the password during login when the recommended settings are stronger than the settings used in the previous hashing. -
main
-
HashedPassword.Algorithm.getHashBytes()
instead.