...
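public final class Password {
    // Noncompliant example: the stored value is reversible. decrypt() recovers
    // the plaintext, so anyone holding the decryption key (or able to call
    // decrypt on the stored file) obtains the password itself rather than a
    // one-way digest of it. Compare with the salted-hash version of this class.

    /**
     * Encrypts {@code pass} with an arbitrary scheme and writes the result to
     * {@code password.bin}.
     *
     * @param pass the plaintext password; zeroed before this method returns
     * @throws Exception propagated from encrypt() or saveBytes()
     */
    private void setPassword(byte[] pass) throws Exception {
        byte[] encrypted = encrypt(pass); // arbitrary encryption scheme
        clearArray(pass);
        saveBytes(encrypted, "password.bin"); // encrypted password to password.bin
    }

    /**
     * Decrypts the stored password and compares it with {@code pass}.
     *
     * @param pass the candidate password; zeroed before this method returns
     * @return {@code true} if the decrypted stored password equals {@code pass}
     * @throws Exception propagated from loadBytes() or decrypt()
     */
    private boolean checkPassword(byte[] pass) throws Exception {
        byte[] encrypted = loadBytes("password.bin"); // load the encrypted password
        byte[] decrypted = decrypt(encrypted);        // plaintext is fully recoverable here
        boolean arraysEqual = java.util.Arrays.equals(decrypted, pass);
        clearArray(decrypted);
        clearArray(pass);
        return arraysEqual;
    }

    /**
     * Overwrites every element of {@code a} with zero so the plaintext does
     * not remain in the buffer after use. A {@code null} array is ignored.
     */
    private void clearArray(byte[] a) {
        if (a != null) {
            java.util.Arrays.fill(a, (byte) 0);
        }
    }
}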
...
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
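public final class Password {
    /** File holding the random salt generated by setPassword(). */
    private static final String SALT_FILE = "salt.bin";

    /**
     * File holding the salted hash. setPassword() and checkPassword() must
     * read and write the same location; the original listing saved to one
     * file name and loaded from another, so every check failed.
     */
    private static final String HASH_FILE = "credentials.pw";

    /**
     * One-way digest applied to password||salt. SHA-1 is no longer
     * recommended for new designs; a dedicated password KDF (PBKDF2, bcrypt,
     * scrypt, argon2) with a work factor is preferable to any single fast
     * digest because it slows offline guessing.
     */
    private static final String HASH_ALGORITHM = "SHA-256";

    /** Salt length in bytes; per-password and stored alongside the hash. */
    private static final int SALT_LENGTH = 12;

    /**
     * Hashes {@code pass} with a fresh random salt and persists both the salt
     * and the hash. Only the one-way digest is stored, never the password.
     *
     * @param pass the plaintext password; zeroed before this method returns,
     *             including when hashing throws
     * @throws Exception propagated from the digest or from saveBytes()
     */
    private void setPassword(byte[] pass) throws Exception {
        byte[] salt = generateSalt(SALT_LENGTH);
        byte[] input = appendArrays(pass, salt);
        byte[] hashVal;
        try {
            hashVal = MessageDigest.getInstance(HASH_ALGORITHM).digest(input);
        } finally {
            // both copies of the plaintext are cleared on every exit path
            clearArray(pass);
            clearArray(input);
        }
        saveBytes(salt, SALT_FILE);
        saveBytes(hashVal, HASH_FILE);
    }

    /**
     * Recomputes the salted hash of {@code pass} and compares it with the
     * stored hash.
     *
     * @param pass the candidate password; zeroed before this method returns,
     *             including when hashing throws
     * @return {@code true} if the recomputed hash equals the stored one
     * @throws Exception propagated from the digest or from loadBytes()
     */
    private boolean checkPassword(byte[] pass) throws Exception {
        byte[] salt = loadBytes(SALT_FILE);
        byte[] input = appendArrays(pass, salt);
        byte[] candidate;
        try {
            candidate = MessageDigest.getInstance(HASH_ALGORITHM).digest(input);
        } finally {
            clearArray(pass);
            clearArray(input);
        }
        byte[] stored = loadBytes(HASH_FILE);
        // MessageDigest.isEqual runs in time independent of where the arrays
        // differ; Arrays.equals gives no such guarantee.
        return MessageDigest.isEqual(candidate, stored);
    }

    /**
     * Returns {@code n} bytes from a cryptographically strong random source.
     *
     * @param n the salt length in bytes
     */
    private byte[] generateSalt(int n) {
        byte[] salt = new byte[n];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /**
     * Returns a new array consisting of {@code a} followed by {@code b}; the
     * inputs are not modified.
     */
    private byte[] appendArrays(byte[] a, byte[] b) {
        byte[] joined = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, joined, a.length, b.length);
        return joined;
    }

    /**
     * Overwrites every element of {@code a} with zero so the plaintext does
     * not remain in the buffer after use. A {@code null} array is ignored.
     */
    private void clearArray(byte[] a) {
        if (a != null) {
            Arrays.fill(a, (byte) 0);
        }
    }
}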
...
http://en.wikipedia.org/wiki/Cryptographic_hash_function Cryptographic hash function
...