Instant Java Password and Authentication Security by Fernando Mayoral

Adding salt to a hash (Intermediate)

This recipe teaches how to properly salt hashes to make them even stronger. As you may have guessed, this technique involves adding something to our hashes to make them harder to break.

How to do it...

To sign up or change a password, follow the given steps:

  1. Generate a random salt value.
  2. Create a MessageDigest with an algorithm you prefer.
  3. Add the salt to the MessageDigest.
  4. Digest the password with the MessageDigest.
  5. Get the hash from the digest.
  6. Save the generated salt and the hashed password. For a sign-up, we also need to save the username.
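
The six steps above, put together as an added example (not the book's own listing). The class name, the 16-byte salt length, the SHA-256 choice, the `username:salt:hash` record layout and the sample credentials are assumptions made for illustration; the `verify` method goes one step beyond the recipe to show how the stored salt is reused at login.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltedHashExample {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final int SALT_BYTES = 16; // assumed salt length

    // Step 1: generate a random salt value from a cryptographic RNG.
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        RANDOM.nextBytes(salt);
        return salt;
    }

    // Steps 2-5: create the digest, add the salt, digest the password, return the hash.
    static byte[] hash(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256"); // assumed algorithm
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Login check: recompute with the stored salt, compare in constant time.
    static boolean verify(String attempt, byte[] storedSalt, byte[] storedHash)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(hash(attempt, storedSalt), storedHash);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample credentials, for demonstration only.
        String username = "alice";
        String password = "correct horse battery staple";

        byte[] salt = newSalt();
        byte[] hashed = hash(password, salt);

        // Step 6: the record to persist (username, salt and hash).
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println(username + ":" + b64.encodeToString(salt)
                + ":" + b64.encodeToString(hashed));

        System.out.println("correct password accepted: " + verify(password, salt, hashed));
        System.out.println("wrong password accepted:   " + verify("guess", salt, hashed));
        // The same password under a fresh salt yields an unrelated hash.
        System.out.println("same hash under new salt:  "
                + MessageDigest.isEqual(hashed, hash(password, newSalt())));
    }
}
```

The salt is stored in the clear next to the hash; its job is to make each stored hash unique, not to be secret. A single salted digest is still fast to compute, so for stored passwords a deliberately slow derivation such as the JDK's `PBKDF2WithHmacSHA256` is the stronger choice.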

To generate a random salt value, consider the code shown in the following screenshot:

We always need to use a SecureRandom class to create good salts. In Java, the SecureRandom ...
