Java Security

SHA-1 + Salt

843811 Nov 19 2008 — edited Nov 20 2008
I had thought that a simple problem to create an SHA1 hash of password+salt would be easy to create and establish; however, it is not working. I am supposed to create a security key that is the SHA1 hash of the password concatenated with the salt (i.e. key = sha1hash(pass + salt);). The resultant hash should be encoded as a Base-16 string (without spaces or separator characters), that is, two characters for each byte in the SHA1 hash.
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class TSecurityToken {
    private static final String passworddigest = "somepassworddigest";
    private static String hexits = "0123456789ABCDEF";

    public static String createdigest(byte[] salt, String entity) throws Exception {
        MessageDigest sha = MessageDigest.getInstance("SHA-1");
        sha.reset();
        sha.update(entity.getBytes());
        sha.update(salt);
        byte[] pwhash = sha.digest();             
        return toHex(concatenate(pwhash, salt));
    }
    
    private static byte[] concatenate(byte[] l, byte[] r) {
        byte[] b = new byte[l.length + r.length];
        System.arraycopy(l, 0, b, 0, l.length);
        System.arraycopy(r, 0, b, l.length, r.length);
        return b;
    }
    
    private static String toHex(byte[] block) {
        StringBuffer buf = new StringBuffer();
        for (int i = 0; i < block.length; ++i) {
            buf.append(hexits.charAt((block[i] >>> 4) & 0xf));
            buf.append(hexits.charAt(block[i] & 0xf));
        }
        return buf.toString();
    }

   public static final SecurityToken getSecurityToken(){
          SecurityToken token = new SecurityToken();
          try{
            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
            byte[] salt = new byte[8];
            random.nextBytes(salt);
            token.setSalt(toHex(salt));
            token.setSecuritykey(createdigest(salt, passworddigest));
          }
          catch (Exception e){e.printStackTrace();}
          return token;
   }
}

public class SecurityToken{
    private String salt;
    private String securitykey;

    public void setSalt(String salt){
          this.salt = salt;
    }
    public String getSalt(){
          return salt;
    }
    public void setSecuritykey(String securitykey){
          this.securitykey= securitykey;
    }
    public String getSecuritykey(){
          return securitykey;
    }
}
The recipient that is receiving my password is based in .NET and thus I am unaware where exactly my code is going wrong. I want to know if I am creating my code incorrectly or something could be wrong on their end.
Locked on Dec 18 2008
Added on Nov 19 2008
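
An added example, not the poster's code: it computes the key exactly as the post specifies it (hex of the 20-byte SHA-1 digest only) under three interpretations of "pass + salt" that can be compared against the value the .NET side expects. The class name `Sha1SaltCheck`, the fixed salt, and all three interpretations are assumptions; the page does not say how the receiver encodes the password or the salt.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example; class and method names are hypothetical.
public class Sha1SaltCheck {

    // Two hex characters per byte, no separators, as the post requires.
    static String toHex(byte[] block) {
        StringBuilder sb = new StringBuilder(block.length * 2);
        for (byte b : block) {
            sb.append(String.format("%02X", b & 0xff));
        }
        return sb.toString();
    }

    // key = sha1hash(pass + salt): only the 20-byte digest is encoded.
    static String key(byte[] pass, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest sha = MessageDigest.getInstance("SHA-1");
        sha.update(pass);
        sha.update(salt);
        return toHex(sha.digest());
    }

    public static void main(String[] args) throws Exception {
        String pass = "somepassworddigest";      // value from the post
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8};  // constructed fixed salt, for repeatable output
        String saltHex = toHex(salt);            // the string that setSalt() transmits
        byte[] none = new byte[0];

        // Assumption 1: receiver hashes the UTF-8 password bytes, then the raw salt bytes.
        String rawUtf8 = key(pass.getBytes(StandardCharsets.UTF_8), salt);
        // Assumption 2: receiver concatenates the password with the salt string it received.
        String textUtf8 = key((pass + saltHex).getBytes(StandardCharsets.UTF_8), none);
        // Assumption 3: as 2, but strings encoded as UTF-16LE (.NET's Encoding.Unicode).
        String textUtf16 = key((pass + saltHex).getBytes(StandardCharsets.UTF_16LE), none);

        System.out.println("raw salt bytes, UTF-8 : " + rawUtf8);
        System.out.println("hex salt text, UTF-8  : " + textUtf8);
        System.out.println("hex salt text, UTF-16 : " + textUtf16);
        // Each candidate is 40 hex characters. createdigest() in the post returns
        // hex(digest || salt), which is 56 characters for an 8-byte salt.
        System.out.println("key length            : " + rawUtf8.length());
    }
}
```

Note that `entity.getBytes()` in the posted code uses the JVM's default charset, so its output can also differ between machines; naming the charset explicitly removes that variable.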