Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,785,670 Members 44,872 Now Online
XDA Developers Android and Mobile Development Forum

More secure encryption class using salt

Tip us?
 
Jonny
Old
(Last edited by Jonny; 10th June 2014 at 10:43 AM.)
#1  
Jonny's Avatar
Forum Moderator - OP
Thanks Meter 7,962
Posts: 7,938
Join Date: Jul 2011
Location: Cheshire

 
DONATE TO ME
Phone More secure encryption class using salt

Continuing with the theme from my last thread where I posted a simple class for encrypting strings using the SHA-512 hashing algorithm, here is an improved version that generates a random 20 byte salt to add in with the string to be hashed. This is then hashed providing greater security.

Due to the random generation of the salt each time a string is hashed, this makes it pretty much impossible to get the same hash for a string, therefore once the salt has been generated the first time round it is stored in sharedPreferences for future uses so that you can use it for checking matches etc

Method of converting the bytes to hex string adapted from maybeWeCouldStealAVan's method @ stackoverflow.

Code:
public class Crypto {
    final protected static char[] hexArray = "0123456789ABCDEF".toCharArray();

    protected static String SHA512(String string, Context context) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        String salt = getSalt(context);
        md.update(salt.getBytes());
        byte[] bytes = md.digest(string.getBytes());
        char[] hexChars = new char[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = hexArray[v >>> 4];
            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
        }
        return new String(hexChars);
    }

    private static String getSalt(Context context) throws NoSuchAlgorithmException {
        SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
        String salt = preferences.getString("salt", null);
        if (salt == null) {
            byte[] saltBytes = new byte[20];
            SecureRandom.getInstance("SHA1PRNG").nextBytes(saltBytes);
            salt = new String(saltBytes);
            SharedPreferences.Editor editor = preferences.edit();
            editor.putString("salt", salt).commit();
        }
        return salt;
    }
}
Usage:

Code:
String example = "example";
try {
    example = Crypto.SHA512(example, context);
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}
The Following 21 Users Say Thank You to Jonny For This Useful Post: [ Click to Expand ]
 
sybiload
Old
#2  
sybiload's Avatar
Recognized Developer
Thanks Meter 934
Posts: 477
Join Date: Apr 2012
Location: /dev/null

 
DONATE TO ME
Thanks for sharing, it's quite usefull ! I will include it to my project
 
tschmid
Old
#3  
Senior Member
Thanks Meter 26
Posts: 163
Join Date: Feb 2013
Quote:
Originally Posted by Jonny View Post
Continuing with the theme from my last thread where I posted a simple class for encrypting strings using the SHA-512 hashing algorithm, here is an improved version that generates a random 20 byte salt to add in with the string to be hashed. This is then hashed providing greater security.

Due to the random generation of the salt each time a string is hashed, this makes it pretty much impossible to get the same hash for a string, therefore once the salt has been generated the first time round it is stored in sharedPreferences for future uses so that you can use it for checking matches etc

Method of converting the bytes to hex string adapted from maybeWeCouldStealAVan's method @ stackoverflow.

Code:
public class Crypto {
    final protected static char[] hexArray = "0123456789ABCDEF".toCharArray();

    protected static String SHA512(String string, Context context) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        String salt = getSalt(context);
        md.update(salt.getBytes());
        byte[] bytes = md.digest(string.getBytes());
        char[] hexChars = new char[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = hexArray[v >>> 4];
            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
        }
        return new String(hexChars);
    }

    private static String getSalt(Context context) throws NoSuchAlgorithmException {
        SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
        String salt = preferences.getString("salt", null);
        if (salt == null) {
            byte[] saltBytes = new byte[20];
            SecureRandom.getInstance("SHA1PRNG").nextBytes(saltBytes);
            salt = new String(saltBytes);
            SharedPreferences.Editor editor = preferences.edit();
            editor.putString("salt", salt).commit();
        }
        return salt;
    }
}
Usage:

Code:
String example = "example";
try {
    example = Crypto.SHA512(example, context);
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}
Thanks

Gesendet von meinem LG-D855 mit Tapatalk
Tags
encryption, hashing, salt, security, sha512
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes