user2022068

Apache Shiro - password format issue

I am trying to use PasswordMatcher with DefaultPasswordService and DefaultHashService.

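import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.Sha512Hash;

// Hash service: SHA-512, 10000 iterations, random public salt per password
DefaultHashService hashService = new DefaultHashService();
hashService.setHashIterations(10000);
hashService.setHashAlgorithmName(Sha512Hash.ALGORITHM_NAME);
hashService.setGeneratePublicSalt(true);

// Password service that delegates hashing to the service configured above
DefaultPasswordService passwordService = new DefaultPasswordService();
passwordService.setHashService(hashService);
String encryptedPassword = passwordService.encryptPassword("password");
System.out.println("Result:" + encryptedPassword);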

And here is the result, which I must save to the database in the column PASSWORD.

$shiro1$SHA-512$10000$T5nkQEA3qjMLPuB/x+WN4Q==$qWViYjBljsMwH7FSvhecKlxQqXY11lv8eS4guxD9t8D4HTeKclN/muyTnhzYZ+YvI1YkEg6L7T2kM3qykUG0XQ==

Everything is working. However, my question is: why are the iteration count and algorithm name saved together with the salt and password? In this case we inform a potential attacker who dumps our database about such important properties.

Upvotes: 0

Views: 769

Answers (2)

Alexander Langer

Reputation: 2893

Nowadays, we aim to protect user passwords even when an attacker knows all implementation secrets. This is known as "white-box encryption":

In such a context, a ‘white-box attacker’ has full access to the software implementation of a cryptographic algorithm: the binary is completely visible and alterable by the attacker; and the attacker has full control over the execution platform (CPU calls, memory registers, etc.). Hence, the implementation itself is the sole line of defence.

That being said, you can store the hash algorithm and iteration count together with the password, as you have to assume the attacker also has access to the code/binaries anyways (which is not unlikely if they have access to the database).

Storing the number of iterations together with the hash has an additional benefit: In the future you might want to change to a larger number of iterations, since processing power has increased. You can then easily upgrade your database by going through all the hashes with the old number of iterations, applying a number of additional iterations and storing the new result in the database, upgraded to a more secure scheme.

Similarly, if you add the hash algorithm to the hash, you may easily change to other password schemes (bcrypt, ...) later and upgrade users gracefully on their next login.

Upvotes: 1
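The upgrade path this answer describes, as an added Python example that is not part of the original post and not Shiro's own code: it parses the $shiro1$ string from the question and raises the iteration count of a stored hash without knowing the password. It assumes round 1 hashes salt || password and every later round hashes the previous digest; all function names are illustrative.

```python
import base64
import hashlib
import hmac
from typing import NamedTuple

# The hash quoted in the question, used here only as parser input.
PAGE_HASH = ("$shiro1$SHA-512$10000$T5nkQEA3qjMLPuB/x+WN4Q==$qWViYjBljsMwH7FSvhecKlxQ"
             "qXY11lv8eS4guxD9t8D4HTeKclN/muyTnhzYZ+YvI1YkEg6L7T2kM3qykUG0XQ==")

class Shiro1Hash(NamedTuple):
    algorithm: str    # e.g. "SHA-512"
    iterations: int
    salt: bytes       # public salt, stored next to the digest
    digest: bytes

def parse(stored: str) -> Shiro1Hash:
    parts = stored.split("$")
    if len(parts) != 6 or parts[:2] != ["", "shiro1"]:
        raise ValueError("not a $shiro1$ string")
    return Shiro1Hash(parts[2], int(parts[3]),
                      base64.b64decode(parts[4]), base64.b64decode(parts[5]))

def render(h: Shiro1Hash) -> str:
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"$shiro1${h.algorithm}${h.iterations}${b64(h.salt)}${b64(h.digest)}"

def _rounds(algorithm: str, data: bytes, count: int) -> bytes:
    name = algorithm.replace("-", "").lower()   # "SHA-512" -> "sha512"
    for _ in range(count):
        data = hashlib.new(name, data).digest()
    return data

def compute(algorithm: str, iterations: int, salt: bytes, password: str) -> Shiro1Hash:
    # ASSUMPTION: round 1 = H(salt || password), each later round = H(previous digest).
    digest = _rounds(algorithm, salt + password.encode("utf-8"), iterations)
    return Shiro1Hash(algorithm, iterations, salt, digest)

def verify(stored: str, password: str) -> bool:
    h = parse(stored)   # parameters come from the stored string, not from config
    candidate = compute(h.algorithm, h.iterations, h.salt, password)
    return hmac.compare_digest(candidate.digest, h.digest)

def needs_upgrade(stored: str, algorithm: str, iterations: int) -> bool:
    h = parse(stored)
    return h.algorithm != algorithm or h.iterations < iterations

def add_iterations(stored: str, target: int) -> str:
    """Raise the work factor without the password by chaining extra rounds."""
    h = parse(stored)
    if h.iterations >= target:
        return stored
    digest = _rounds(h.algorithm, h.digest, target - h.iterations)
    return render(h._replace(iterations=target, digest=digest))
```

A change of algorithm cannot be chained this way; needs_upgrade only flags such rows so they can be rehashed at the user's next successful login.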

Wouter

Reputation: 4016

It is so that when you change the default algorithm of your password service, you can still check against hashes of previously generated passwords.

As for your concern about aiding the potential hacker, there is a simple way to circumvent this: add a private salt string to the hashing algorithm:

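import org.apache.shiro.util.SimpleByteSource; // Shiro 1.x package

private static final String PRIVATE_SALT = "some_random_string_you_only_know";
...
// The private salt is not written into the stored hash string
hashService.setPrivateSalt(new SimpleByteSource(PRIVATE_SALT));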

Upvotes: 1
