Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

More secure encryption class using salt

OP Jonny

5th June 2014, 11:48 PM   |  #1  
Jonny's Avatar
OP Forum Moderator
Flag Cheshire
Thanks Meter: 8,273
 
8,122 posts
Join Date:Joined: Jul 2011
Donate to Me
More
Continuing with the theme from my last thread where I posted a simple class for encrypting strings using the SHA-512 hashing algorithm, here is an improved version that generates a random 20 byte salt to add in with the string to be hashed. This is then hashed providing greater security.

Due to the random generation of the salt each time a string is hashed, this makes it pretty much impossible to get the same hash for a string, therefore once the salt has been generated the first time round it is stored in sharedPreferences for future uses so that you can use it for checking matches etc

Method of converting the bytes to hex string adapted from maybeWeCouldStealAVan's method @ stackoverflow.

Code:
public class Crypto {
    final protected static char[] hexArray = "0123456789ABCDEF".toCharArray();

    protected static String SHA512(String string, Context context) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        String salt = getSalt(context);
        md.update(salt.getBytes());
        byte[] bytes = md.digest(string.getBytes());
        char[] hexChars = new char[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = hexArray[v >>> 4];
            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
        }
        return new String(hexChars);
    }

    private static String getSalt(Context context) throws NoSuchAlgorithmException {
        SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
        String salt = preferences.getString("salt", null);
        if (salt == null) {
            byte[] saltBytes = new byte[20];
            SecureRandom.getInstance("SHA1PRNG").nextBytes(saltBytes);
            salt = new String(saltBytes);
            SharedPreferences.Editor editor = preferences.edit();
            editor.putString("salt", salt).commit();
        }
        return salt;
    }
}
Usage:

Code:
String example = "example";
try {
    example = Crypto.SHA512(example, context);
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}
Last edited by Jonny; 10th June 2014 at 11:43 AM.
The Following 21 Users Say Thank You to Jonny For This Useful Post: [ View ]
6th June 2014, 06:27 PM   |  #2  
sybiload's Avatar
Recognized Developer
Flag /dev/null
Thanks Meter: 943
 
477 posts
Join Date:Joined: Apr 2012
Donate to Me
More
Thanks for sharing, it's quite usefull ! I will include it to my project
8th August 2014, 01:33 PM   |  #3  
Senior Member
Thanks Meter: 75
 
337 posts
Join Date:Joined: Feb 2013
Quote:
Originally Posted by Jonny

Continuing with the theme from my last thread where I posted a simple class for encrypting strings using the SHA-512 hashing algorithm, here is an improved version that generates a random 20 byte salt to add in with the string to be hashed. This is then hashed providing greater security.

Due to the random generation of the salt each time a string is hashed, this makes it pretty much impossible to get the same hash for a string, therefore once the salt has been generated the first time round it is stored in sharedPreferences for future uses so that you can use it for checking matches etc

Method of converting the bytes to hex string adapted from maybeWeCouldStealAVan's method @ stackoverflow.

Code:
public class Crypto {
    final protected static char[] hexArray = "0123456789ABCDEF".toCharArray();

    protected static String SHA512(String string, Context context) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        String salt = getSalt(context);
        md.update(salt.getBytes());
        byte[] bytes = md.digest(string.getBytes());
        char[] hexChars = new char[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = hexArray[v >>> 4];
            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
        }
        return new String(hexChars);
    }

    private static String getSalt(Context context) throws NoSuchAlgorithmException {
        SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
        String salt = preferences.getString("salt", null);
        if (salt == null) {
            byte[] saltBytes = new byte[20];
            SecureRandom.getInstance("SHA1PRNG").nextBytes(saltBytes);
            salt = new String(saltBytes);
            SharedPreferences.Editor editor = preferences.edit();
            editor.putString("salt", salt).commit();
        }
        return salt;
    }
}
Usage:

Code:
String example = "example";
try {
    example = Crypto.SHA512(example, context);
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}

Thanks

Gesendet von meinem LG-D855 mit Tapatalk
Post Reply Subscribe to Thread

Tags
encryption, hashing, salt, security, sha512
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes