...
The choice of hash function and salt length presents a trade-off between security and performance. If it takes longer to compute a hash value, then the performance of a brute-force attack will be lowered. This will come at the cost of slowing down the program when it validates passwords. If a longer salt length is used, then the performance of a brute-force attack will be lowered at the cost of the extra storage space required.
Java's s MessageDigest class class provides the functionality of various cryptographic hash functions. Be careful not to pick a defective function such as MD-5. Publications are often available when a hash function is proven defectiveMD5. Hash functions such as SHA-1 and SHA-2 are maintained by the NSA, and are currently considered safe.
...
An attacker could potentially decrypt this file to discover the password. This The attacker could be someone who knows or has figured out the encryption scheme being used by the program.
...
Even if an attacker knows that the program stores passwords using SHA-1 and a 12-byte salt, they will be unable to get the value of the unencrypted password from password.bin and salt.bin.
While this fixes the decryption problem from the previous noncompliant code example, at runtime this code may inadvertently store the passwords as cleartext. Java string objects are immutable, so any time you assign a new value to them it does not necessarily overwrite the part of memory where the string was previously stored. This means that it is very difficult to ensure that the cleartext is actually cleared from memory. See and they can be copied and internally stored by the JVM. Consequently, Java provides no mechanism to securely erase a password once it has been stored in a String. See MSC10-J. Limit the lifetime of sensitive data for more information.
...
This compliant solution addresses the problems from the previous noncompliant examplescode example, by using a byte array to store the password.
| Code Block | ||
|---|---|---|
| ||
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public final class Password {
private void setPassword(byte[] pass) throws Exception {
byte[] salt = generateSalt(12);
byte[] input = appendArrays(pass, salt);
MessageDigest sha_1 = MessageDigest.getInstance("SHA-1");
byte[] hashVal = sha_1.digest(input); //encode the string and salt Â
clearArray(pass); Â
clearArray(input);
saveBytes(salt, "salt.bin"); Â
saveBytes(hashVal,"password.bin"); //save the hash value to credentials.pw
}
private boolean checkPassword(byte[] pass) throws Exception {
byte[] salt = loadBytes("salt.bin");
byte[] input = appendArrays(pass, salt);
MessageDigest sha_1 = MessageDigest.getInstance("SHA-1");
byte[] hashVal1 = sha_1.digest(input); //encode the string and salt
clearArray(pass);
clearArray(input);
byte[] hashVal2 = loadBytes("credentials.pw"); //load the hash value stored in credentials.pw
return Arrays.equals(hashVal1, hashVal2);
}
private byte[] generateSalt(int n) {
//Generate a random byte array of length n
}
private byte[] appendArrays(byte[] a, byte[] b) {
//Return a new array of a appended to b
}
private void clearArray(byte[] a) {
//set all of the elements in a to zero
}
}
|
In both the setPassword() and checkPassword() methods, the cleartext representation of the password is erased as soon as it is converted into a hash value. After this happens, there is no way for an attacker to get the password as cleartext.
Exceptions
MSC18-EX0 Applications : Applications such as password managers may need to retrieve the original password in order to enter it into a third-party application. This is okay even though it violates the guideline. The difference here is that the password manager is accessed by a single user. The program will always have the user's permission to store their passwords in this way. Therefore, provided the user is competent, the program's operation will be safe.
...
Bibliography
| Wiki Markup |
|---|
\[SD:[API 2006|AA. Bibliography#API 06]\] Class {{java.security.MessageDigest}} |
| Wiki Markup |
|---|
\[SD:[API 2006|AA. Bibliography#API 06]\] Class {{java.lang.String}} |
...