Save salt with hashed password


I'm saving the hashed password in the database with this pattern:

PkGzO4WINLmDHLeXETzsjoxdtNzz0ngR3ux4P5E61go=:ffApiGPDwAuZL+a/GO8ooPt2JxXk2CXumlyhC0eZd8Q=

Pattern -> HashedPassword:Salt

The part after the ":" character is the salt.

This is the configuration for hashing:

private static final String DEFAULT_ALGORITHM = "PBKDF2WithHmacSHA512";

private static final int DEFAULT_ITERATIONS = 2048;
private static final int DEFAULT_SALT_SIZE = 64;         // 32-byte/256-bit salt
private static final int DEFAULT_KEY_SIZE = 64;

Is this a bad way to do it? Does a better way exist?

Answer by Transcendent:

You do not need to store salts! Given that you have the following function for creating your hashes:

string crypt(string password, string salt);

if you create a salted hash for your password like:

string hashedPassword = crypt("mypassword", saltFunction("md5"));

you can verify passwords like:

string hash = crypt("mypassword", hashedPassword); 
if(hash == hashedPassword) {
   // Password is correct
}

This is common practice and widely used in Postgres.
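The two layouts discussed on this page, the question's "HashedPassword:Salt" record and the answer's crypt(3)-style string that carries its own salt so that verification only needs the password and the stored string, as an added example in Python. This is not code from the question or the answer; the question's code is Java, but the scheme is the same: PBKDF2-HMAC-SHA512 from the standard library (`hashlib.pbkdf2_hmac`), a 32-byte random salt and a 32-byte derived key, which is what the 44-character base64 fields in the question decode to. The record format `algorithm$iterations$salt$hash`, the 210,000 default iteration count, the `needs_rehash` and `migrate_legacy` helpers and the sample password are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters for this example. The question uses PBKDF2WithHmacSHA512
# with 2048 iterations; 2048 is low for current hardware, so new records here
# default to a much higher cost (assumption, not taken from the page).
ALGORITHM = "pbkdf2-sha512"
ITERATIONS = 210_000
SALT_BYTES = 32      # 256-bit salt: the question's base64 salt decodes to 32 bytes
KEY_BYTES = 32       # 256-bit derived key: the question's base64 hash decodes to 32 bytes


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _pbkdf2(password: str, salt: bytes, iterations: int, dklen: int) -> bytes:
    # PBKDF2-HMAC-SHA512 from the standard library; the password is UTF-8 encoded.
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, dklen=dklen)


# --- The question's layout: "HashedPassword:Salt"; the iteration count is NOT stored ---

def hash_password_legacy(password: str, iterations: int = 2048, salt: Optional[bytes] = None) -> str:
    """Produce a record in the question's 'hash:salt' form."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    return _b64(_pbkdf2(password, salt, iterations, KEY_BYTES)) + ":" + _b64(salt)


def verify_legacy(password: str, record: str, iterations: int = 2048) -> bool:
    """Verify a 'hash:salt' record. The caller has to know the iteration count."""
    hash_b64, salt_b64 = record.split(":", 1)
    expected = base64.b64decode(hash_b64)
    salt = base64.b64decode(salt_b64)
    candidate = _pbkdf2(password, salt, iterations, len(expected))
    return hmac.compare_digest(candidate, expected)   # constant-time comparison


# --- Self-describing layout: "algorithm$iterations$salt$hash", like a crypt(3) string ---

def hash_password(password: str, iterations: int = ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Produce a record that carries everything needed to verify it later."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # fresh, unpredictable salt per password
    dk = _pbkdf2(password, salt, iterations, KEY_BYTES)
    return "$".join((ALGORITHM, str(iterations), _b64(salt), _b64(dk)))


def parse_record(record: str) -> Tuple[int, bytes, bytes]:
    """Split a self-describing record into (iterations, salt, hash)."""
    algorithm, iterations, salt_b64, hash_b64 = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported password hash algorithm: " + algorithm)
    return int(iterations), base64.b64decode(salt_b64), base64.b64decode(hash_b64)


def verify_password(password: str, record: str) -> bool:
    """Like crypt(password, storedString): salt and parameters come from the record."""
    iterations, salt, expected = parse_record(record)
    candidate = _pbkdf2(password, salt, iterations, len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, target_iterations: int = ITERATIONS) -> bool:
    """True if the record was made with fewer iterations than we want today."""
    iterations, _, _ = parse_record(record)
    return iterations < target_iterations


def migrate_legacy(password: str, legacy_record: str, legacy_iterations: int = 2048) -> Optional[str]:
    """On a successful login, upgrade a 'hash:salt' record to the self-describing form."""
    if not verify_legacy(password, legacy_record, legacy_iterations):
        return None
    return hash_password(password)


if __name__ == "__main__":
    sample = "correct horse battery staple"          # constructed sample password
    legacy = hash_password_legacy(sample)
    print("legacy :", legacy)
    upgraded = migrate_legacy(sample, legacy)
    print("record :", upgraded)
    print("verify :", verify_password(sample, upgraded), "rehash:", needs_rehash(upgraded))
```

Storing the salt next to the hash, as the question does, is fine: the salt is not secret, and both layouts put it in the same database row. What the colon layout lacks is the iteration count and algorithm, so they have to live in code and can never be raised without breaking verification of old rows; the self-describing record fixes that, and `needs_rehash` plus a rehash on successful login is how you move users to a higher cost. Two checks worth making on the question's Java: compare with a constant-time comparison rather than `String.equals`, and confirm what unit `DEFAULT_KEY_SIZE` is in, since Java's `PBEKeySpec` takes the key length in bits, so 64 there would be an 8-byte hash, whereas the sample record holds a 32-byte one.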