samedi 27 janvier 2018

Is this the correct way to generate password salt?

I searched and found something like this on the internet. I was wondering if this is the correct implementation of the salt. (?) And how can implement scrypt in javafx (?)

public class Main {
        public  static String generateSalt(int length, String pass) throws NoSuchAlgorithmException {
            StringBuffer buffer=null;
            try {
                 buffer = new StringBuffer();
                SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
                char[] characterMap;
                characterMap = pass.toCharArray();
                for (int i = 0; i <= length; i++) {
                    byte[] bytes = new byte[16]; // 16 bytes = 128 bits
                    secureRandom.nextBytes(bytes);
                    double number = secureRandom.nextDouble();
                    int b = ((int) (number * characterMap.length));
                    buffer.append(characterMap[b]);
                }
            }catch(NoSuchAlgorithmException e){
                e.printStackTrace();
            }
            System.out.println(buffer.length());
            return buffer.toString();
        }


        public static void main(String[] args) throws NoSuchAlgorithmException {
            System.out.print(generateSalt(32,"javid"));
        }
    }




Aucun commentaire:

Enregistrer un commentaire