public interface HashService

A HashService hashes input sources utilizing a particular hashing strategy.

A HashService sits at a higher architectural level than Shiro's simple Hash classes: it allows for salting and iteration-related strategies to be configured and internalized in a single component that can be re-used in multiple places in the application.
For example, for the most secure hashes, it is highly recommended to use a randomly generated salt, potentially paired with a configuration-specific private salt, in addition to using multiple hash iterations.

While one can do this easily enough using Shiro's Hash implementations directly, this direct approach could quickly lead to copy-and-paste behavior. For example, consider this logic, which might need to be repeated in an application:

    int numHashIterations = ...
    ByteSource privateSalt = ...
    // fresh random salt for every hash
    ByteSource randomSalt = randomNumberGenerator.nextBytes();
    // combine(...) and save(...) stand for application-specific helpers
    ByteSource combined = combine(privateSalt, randomSalt);
    Hash hash = new Sha512Hash(source, combined, numHashIterations);
    save(hash);

In this example, often only the input source will change during runtime, while the hashing strategy (how salts are generated or acquired, how many hash iterations will be performed, etc.) usually remains consistent. A HashService internalizes this logic so the above becomes simply this:

    HashRequest request = new HashRequest.Builder().setSource(source).build();
    Hash result = hashService.computeHash(request);
    save(result);

Modifier and Type | Method and Description |
---|---|
Hash | computeHash(HashRequest request): Computes a hash based on the given request. |

Hash computeHash(HashRequest request)

If the returned Hash carries a salt (returnedHash.getSalt() != null), this same exact salt MUST be presented back to the HashService if hash comparison/verification will be performed at a later time (for example, for password hash or file checksum comparison).

For additional security, the HashService's internal implementation may use more complex salting strategies than what would be achieved by computing a Hash manually.

In summary, if a HashService returns a salt in a returned Hash, it is expected that the same salt will be provided to the same HashService instance.

Parameters:
request - the request to process

See Also:
Hash.getSalt()
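
The salt contract described above, shown end to end with Shiro's DefaultHashService. This is an added example, not code from the Shiro documentation; it assumes the Shiro 1.x API, and the class name HashServiceExample, the iteration count, the private salt string and the sample inputs are constructed for illustration.

```java
import java.security.MessageDigest;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.Hash;
import org.apache.shiro.crypto.hash.HashRequest;
import org.apache.shiro.crypto.hash.HashService;
import org.apache.shiro.util.ByteSource;

public class HashServiceExample {  // hypothetical class name

    // Configure the hashing strategy once; every caller shares it.
    static HashService newHashService(ByteSource privateSalt) {
        DefaultHashService service = new DefaultHashService();
        service.setHashAlgorithmName("SHA-512");
        service.setHashIterations(500_000);   // constructed value, tune for your hardware
        service.setPrivateSalt(privateSalt);  // lives in configuration, not next to the hash
        service.setGeneratePublicSalt(true);  // random salt whenever the request supplies none
        return service;
    }

    // Recompute with the salt the service returned earlier, then compare in constant time.
    static boolean matches(HashService service, Object candidate, Hash stored) {
        HashRequest request = new HashRequest.Builder()
                .setSource(candidate)
                .setSalt(stored.getSalt())             // the same exact salt, presented back
                .setIterations(stored.getIterations()) // survives a later change of the default
                .build();
        Hash recomputed = service.computeHash(request);
        return MessageDigest.isEqual(stored.getBytes(), recomputed.getBytes());
    }

    public static void main(String[] args) {
        // Constructed sample values.
        ByteSource privateSalt = ByteSource.Util.bytes("example-private-salt-from-config");
        HashService service = newHashService(privateSalt);

        // No salt in the request: the service generates one and returns it in the Hash.
        Hash stored = service.computeHash(
                new HashRequest.Builder().setSource("correct horse").build());

        // Persist stored.toHex() together with stored.getSalt().toHex() and the iterations.
        System.out.println("salt returned: " + (stored.getSalt() != null));
        System.out.println("right input:   " + matches(service, "correct horse", stored));
        System.out.println("wrong input:   " + matches(service, "wrong horse", stored));
    }
}
```

The Hash returned by the service exposes only the generated salt through getSalt(); the private salt stays inside the service, so verification has to go through a HashService configured with the same private salt.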
Copyright © 2004-2016 The Apache Software Foundation. All Rights Reserved.