Wednesday, January 28, 2015

Java - Generating a random salt isn't random

I'm trying to generate a salt in Java to use with a hashing algorithm for secure password storage. I'm using the following code to create the random salt:



private static String getSalt() throws NoSuchAlgorithmException {
    SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
    byte[] salt = new byte[16];
    sr.nextBytes(salt);
    System.out.println(salt.toString());
    return salt.toString();
}


This should generate a completely secure, randomly generated salt to use in my hashing algorithm. When I run the code, however, it keeps outputting the same salt every time, indicating that the salt being generated isn't random at all.


For obvious security purposes, each user needs a unique salt; however, if I use this code each time a new account is created, then every user will have the same salt, defeating the purpose of having it in the first place.


My question is this: Why does this keep giving me the same salt, and what can I do to ensure the salt generated is completely random each time the code is run?
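Added example, not part of the original post: `toString()` on a `byte[]` returns the array's type and identity hash rather than its contents, so the printed value says nothing about the random bytes. The sketch below keeps the salt as bytes, Base64-encodes it for storage, and uses it with PBKDF2; the class name, iteration count, key length and sample password are assumptions made for this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltDemo {
    private static final SecureRandom RNG = new SecureRandom(); // default, self-seeding CSPRNG

    // Returns 16 fresh random bytes; keep the salt as bytes, encode only for storage.
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        return salt;
    }

    // PBKDF2 parameters are assumptions for this example, not values from the post.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] a = newSalt();
        byte[] b = newSalt();
        // byte[] inherits Object.toString(): "[B@" + identity hash, not the contents.
        System.out.println("toString(): " + a.toString() + " / " + b.toString());
        // Base64 encodes the actual bytes, so the two salts visibly differ.
        String storedSalt = Base64.getEncoder().encodeToString(a);
        System.out.println("salt a: " + storedSalt);
        System.out.println("salt b: " + Base64.getEncoder().encodeToString(b));

        // Store salt and hash together; decode the salt again to verify a login.
        char[] pw = "correct horse".toCharArray(); // constructed sample password
        byte[] stored = hash(pw, a);
        byte[] check = hash(pw, Base64.getDecoder().decode(storedSalt));
        System.out.println("verified: " + MessageDigest.isEqual(stored, check));
    }
}
```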




