Thursday, 12 Bahman 1396

java - Does RandomSecure use the same seed on each restart?




I'm currently trying to implement a password hash manager in Java. Looking for the best way to achieve this, I learned about salts.



This is the generateSalt function I've found:



    // Returns 8 bytes from a SHA1PRNG SecureRandom instance.
    public static byte[] generateSalt() throws NoSuchAlgorithmException {
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        byte[] salt = new byte[8];
        random.nextBytes(salt);
        return salt;
    }



Then I simply tried this:



    public class Application {
        public static void main(String[] args) {
            try {
                for (int i = 0; i < 10; i++) {
                    // Passes the byte[] returned by generateSalt() directly to println.
                    System.out.println(PasswordHash.generateSalt());
                }
            } catch (Exception e) {
                System.out.println(e.getStackTrace());
            }
        }
    }





Output is: 135fbaa4 45ee12a7 330bedb4 2503dbd3 4b67cf4d 7ea987ac 12a3a380 29453f44 5cad8086 6e0be858



But if I restart my application, the results remain the same. I've seen that salts are unique for each user. So let's imagine I want to be able to create database users in my application. I create user 1, and the generated salt is 135fbaa4.



Then I restart my application and create user 2, so the generated salt will be 135fbaa4 too, right?



Documentation said:




public void nextBytes(byte[] bytes) Generates a user-specified number
of random bytes. If a call to setSeed had not occurred previously, the
first call to this method forces this SecureRandom object to seed
itself. This self-seeding will not occur if setSeed was previously
called.




Is this seed the problem? Feel like I've missed something.
I've tried to use System.currentTimeMillis() as the seed, so the output is different, but it remains the same after each restart.
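
Added example, not part of the original question: the loop above passes a `byte[]` straight to `println`, which prints the array's type tag and identity hash (the `[B@...` form) rather than its bytes, so the sketch below prints the contents as hex and compares self-seeded and explicitly seeded `SHA1PRNG` instances. The class `SaltDemo`, the helpers `toHex` and `sha1prng`, the 16-byte salt length and the seed value 42 are assumptions chosen for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SaltDemo {
    // One shared generator; the platform default SecureRandom is self-seeding.
    private static final SecureRandom RANDOM = new SecureRandom();

    static byte[] generateSalt(int length) {
        byte[] salt = new byte[length];
        RANDOM.nextBytes(salt);
        return salt;
    }

    // Hex-encode the array contents so the bytes themselves can be compared.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Draw n bytes from a SHA1PRNG instance; seed == null means setSeed is never called.
    static byte[] sha1prng(Long seed, int n) throws NoSuchAlgorithmException {
        SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
        if (seed != null) {
            r.setSeed(seed);   // called before nextBytes, so no self-seeding occurs
        }
        byte[] out = new byte[n];
        r.nextBytes(out);
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] salt = generateSalt(16);
        // String conversion of an array: type tag plus identity hash, not the bytes.
        System.out.println("reference: " + salt);
        System.out.println("contents : " + toHex(salt));

        // No setSeed: each instance seeds itself, so the outputs are independent.
        System.out.println("self-seeded equal: "
                + Arrays.equals(sha1prng(null, 8), sha1prng(null, 8)));
        // Same explicit seed before the first nextBytes: compare the outputs.
        System.out.println("fixed-seed equal : "
                + Arrays.equals(sha1prng(42L, 8), sha1prng(42L, 8)));
    }
}
```

Run it several times: the `contents` line is the value to store as the salt, and it is the line to compare across restarts. The fixed-seed comparison shows why a guessable value should not be passed to `setSeed` before generating salts.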



