|
| 1 | +# securehash |
| 2 | +Demonstration of basic SHA2 and PBKDF2WithHmacSHA512 hashing as well as how to generate a salt and use with hashing methods. |
| 3 | + |
| 4 | +## FashHash.java |
| 5 | + |
| 6 | +An academic example of hashing using the SHA2 family of hashing algorithms including: |
| 7 | + |
| 8 | + <ul> |
| 9 | + <li>SHA-224</li> |
| 10 | + <li>SHA-256</li> |
| 11 | + <li>SHA-384</li> |
| 12 | + <li>SHA-512</li> |
| 13 | + <li>SHA-512/224</li> |
| 14 | + <li>SHA-512/256</li> |
| 15 | + </ul> |
| 16 | + |
| 17 | +The *SHA-512* algorithm is selected if no algorithm is provided. |
| 18 | + |
| 19 | +The default provider is selected as *SUN* if no provider is given. |
| 20 | + |
| 21 | +## SecureHash.java |
| 22 | + |
| 23 | +Implements the PBKDF2 key stretching algorithm, which is a processor intensive operation designed to thwart brute-force attacks that are more likely to be successful against the fast hashing algoritms of the SHA2 family. |
| 24 | +## Salt.java |
| 25 | + |
| 26 | +Demonstrates the use of SecureRandom to generate a 64 byte (512 bit) secure random salt using the default *SHA1PRNG* algorithm if no algorithm is provided by the user. |
| 27 | +## Logging via Log4j |
| 28 | + |
| 29 | +# JUnit |
| 30 | + |
| 31 | +Test cases deomonstrate the comparison of previously hashed values against a newly provided value that is hashed in conjunction of the previously used salt to generate a new hash value that is compared to the saved value for equality. |
| 32 | + |
| 33 | +## References |
| 34 | +[1] https://www.owasp.org/index.php/Hashing_Java |
| 35 | + |
| 36 | +[2] https://en.wikipedia.org/wiki/Secure_Hash_Algorithms |
| 37 | + |
| 38 | +[3] https://www.mkyong.com/java/java-sha-hashing-example |
| 39 | + |
| 40 | +[4] https://stackoverflow.com/questions/33085493/hash-a-password-with-sha-512-in-java |
| 41 | + |
| 42 | +[5] https://en.wikipedia.org/wiki/PBKDF2 |
| 43 | + |
| 44 | +[6] https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet |
| 45 | + |
| 46 | +[7] https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet |
| 47 | + |
| 48 | +[8] https://www.darkreading.com/safely-storing-user-passwords-hashing-vs-encrypting/a/d-id/1269374? |
| 49 | + |
| 50 | +[9] https://www.mssqltips.com/sqlservertip/3293/add-a-salt-with-the-sql-server-hashbytes-function/ |
| 51 | + |
| 52 | +[10] https://www.owasp.org/index.php/Key_Management_Cheat_Sheet |
| 53 | + |
| 54 | +[11] https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/ |
| 55 | + |
| 56 | +[12] https://docs.microsoft.com/en-us/sql/t-sql/functions/hashbytes-transact-sql |
| 57 | + |
| 58 | +[13] https://www.mssqltips.com/sqlservertip/2144/an-overview-of-extended-events-in-sql-server-2008/ |
| 59 | + |
| 60 | +[14] https://www.securityinnovationeurope.com/blog/page/whats-the-difference-between-hashing-and-encrypting |
| 61 | + |
| 62 | +[15] http://project-rainbowcrack.com/table.htm |
| 63 | + |
| 64 | +[16] https://martinfowler.com/articles/web-security-basics.html |
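Review bot: The SecureHash.java section (line 23) calls PBKDF2 "a processor intensive operation" but documents no iteration count, no derived key length, and no description of how the salt from Salt.java is supplied, so a reader cannot tell what work factor the demonstration uses. Please state those parameters and their defaults, the way the FashHash.java section states its default algorithm and provider. Smaller points in the same file: line 26 makes *SHA1PRNG* the default for SecureRandom without saying why it is chosen over the platform's default SecureRandom, which deserves a sentence; the heading on line 4 reads "FashHash.java", which may be a typo given the "fast hashing" wording on line 23, so confirm it matches the actual file name; "algoritms" (line 23) and "deomonstrate" (line 31) are misspelled; "## Logging via Log4j" (line 27) has no body; "# JUnit" (line 29) is a top-level heading while the sections around it use "##"; lines 24 and 27 start headings with no blank line after the preceding paragraph; and references [1] to [16] are never cited from the text, so either cite them where they apply or trim the list to the ones the README relies on.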