Sunday, 28 January 2018

How to generate random salts that are different on each application reboot (Java)

I'm currently trying to implement a password hash manager in Java. Looking for the best way to achieve this, I learned about salts.

This is the generateSalt function I've found:

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class PasswordHash {
    // Returns 8 random bytes drawn from a SecureRandom instance.
    public static byte[] generateSalt() throws NoSuchAlgorithmException {
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        byte[] salt = new byte[8];
        random.nextBytes(salt);
        return salt;
    }
}

Then I simply tried this:

public class Application {
    public static void main(String[] args) {
        try {
            for (int i = 0; i < 10; i++) {
                // println(byte[]) has no array overload, so it falls back to Object.toString()
                System.out.println(PasswordHash.generateSalt());
            }
        }
        catch (Exception e) {
            // print the full stack trace instead of the StackTraceElement[] object
            e.printStackTrace();
        }
    }
}

Output is: B@135fbaa4 B@45ee12a7 B@330bedb4 B@2503dbd3 B@4b67cf4d B@7ea987ac B@12a3a380 B@29453f44 B@5cad8086 B@6e0be858 (all of these are preceded by '[')

So, first, I want an 8-byte salt. It seems to work, but what are the first 3 bytes returned by the function?

Second, if I restart my application, the results remain the same. I've seen that salts are unique for each user. So let's imagine I want to be able to create database users in my application. I create user 1, and the generated salt is B@135fbaa4.

Then I restart my application and create user 2, so the generated salt will be B@135fbaa4 too, right?

The documentation says:

public void nextBytes(byte[] bytes)

Generates a user-specified number of random bytes.

If a call to setSeed had not occurred previously, the first call to this method forces this SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.

Is this seed the problem? I feel like I've missed something.
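The strings in the question's output are not salt bytes at all. `byte[]` has no `toString()` of its own, so `System.out.println(salt)` prints `Object.toString()`: the `[B` type tag for a byte array followed by the object's identity hash code, which is why the same values can reappear on every run. The bytes inside the array are different each time. The following is an added example, not code from the question or from any library the question names; it shows how to look at the salt bytes (hex), how a salt is actually used (stored next to a PBKDF2 hash and verified with a constant-time comparison), and uses the default `new SecureRandom()` constructor, which seeds itself from the OS and is never given a fixed seed. The salt length, iteration count, key size and the `iterations$salt$hash` record format are assumptions chosen for the example.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltDemo {
    // Assumed parameters for this example (not from the question):
    // 16-byte salt, PBKDF2-HMAC-SHA256, 210,000 iterations, 256-bit derived key.
    private static final int SALT_BYTES = 16;
    private static final int ITERATIONS = 210_000;
    private static final int KEY_BITS = 256;
    private static final String KDF = "PBKDF2WithHmacSHA256";

    // The no-arg constructor selects the platform's default CSPRNG and seeds it
    // from the operating system on first use; no setSeed() is ever called.
    private static final SecureRandom RNG = new SecureRandom();

    public static byte[] generateSalt() {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        return salt;
    }

    // Hex view of the actual bytes. println(salt) would instead print the
    // "[B@<identity hash>" produced by Object.toString().
    public static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Derives a key from password and salt; the salt makes identical passwords
    // produce different hashes and defeats precomputed (rainbow) tables.
    public static byte[] pbkdf2(char[] password, byte[] salt, int iterations, int keyBits)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, keyBits);
        try {
            return SecretKeyFactory.getInstance(KDF).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    // Record stored per user: iterations$base64(salt)$base64(hash).
    // The salt is stored in the clear; it must be unique per user, not secret.
    public static String hashPassword(char[] password)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] salt = generateSalt();
        byte[] hash = pbkdf2(password, salt, ITERATIONS, KEY_BITS);
        Base64.Encoder enc = Base64.getEncoder();
        return ITERATIONS + "$" + enc.encodeToString(salt) + "$" + enc.encodeToString(hash);
    }

    public static boolean verifyPassword(char[] password, String stored)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        String[] parts = stored.split("\\$");
        if (parts.length != 3) {
            return false;
        }
        int iterations = Integer.parseInt(parts[0]);
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        byte[] expected = Base64.getDecoder().decode(parts[2]);
        byte[] actual = pbkdf2(password, salt, iterations, expected.length * 8);
        // Constant-time comparison so timing does not reveal the first mismatching byte.
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        byte[] s1 = generateSalt();
        byte[] s2 = generateSalt();
        System.out.println("println(salt) shows: " + s1);          // identity hash, not the bytes
        System.out.println("salt 1 as hex:       " + toHex(s1));
        System.out.println("salt 2 as hex:       " + toHex(s2));   // a different 16 bytes

        char[] pw = "correct horse battery staple".toCharArray();  // constructed sample password
        String record = hashPassword(pw);
        System.out.println("stored record:       " + record);
        System.out.println("verify correct pw:   "
                + verifyPassword("correct horse battery staple".toCharArray(), record));
        System.out.println("verify wrong pw:     "
                + verifyPassword("Tr0ub4dor&3".toCharArray(), record));
    }
}
```

Running this twice shows that the `[B@...` line may repeat between runs while the hex lines do not, which is the distinction the question is missing. Passing an 8-byte salt, as in the question, would work the same way, but 16 bytes is the more common choice for a per-user salt, and the iteration count should be tuned to the deployment's hardware rather than copied from this example.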



