More secure encryption class using salt

Jonny

Jonny

Retired Forum Moderator
Jul 22, 2011
9,282
9,606
263
Birmingham
jonathonfitch.com
Jun 5, 2014 at 10:48 PM
Continuing with the theme from my last thread where I posted a simple class for encrypting strings using the SHA-512 hashing algorithm, here is an improved version that generates a random 20 byte salt to add in with the string to be hashed. This is then hashed providing greater security.

Due to the random generation of the salt each time a string is hashed, this makes it pretty much impossible to get the same hash for a string, therefore once the salt has been generated the first time round it is stored in sharedPreferences for future uses so that you can use it for checking matches etc ;)

Method of converting the bytes to hex string adapted from maybeWeCouldStealAVan's method @ stackoverflow.

Code: 
public class Crypto {
    final protected static char[] hexArray = "0123456789ABCDEF".toCharArray();

    protected static String SHA512(String string, Context context) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        String salt = getSalt(context);
        md.update(salt.getBytes());
        byte[] bytes = md.digest(string.getBytes());
        char[] hexChars = new char[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = hexArray[v >>> 4];
            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
        }
        return new String(hexChars);
    }

    private static String getSalt(Context context) throws NoSuchAlgorithmException {
        SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
        String salt = preferences.getString("salt", null);
        if (salt == null) {
            byte[] saltBytes = new byte[20];
            SecureRandom.getInstance("SHA1PRNG").nextBytes(saltBytes);
            salt = new String(saltBytes);
            SharedPreferences.Editor editor = preferences.edit();
            editor.putString("salt", salt).commit();
        }
        return salt;
    }
}
Usage:

Code: 
String example = "example";
try {
    example = Crypto.SHA512(example, context);
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}
 
Last edited:
  • Like
Reactions: tschmid, S0AndS0, KINGbabasula and 16 others
T

tschmid

Senior Member
Feb 17, 2013
859
325
0
Aug 8, 2014 at 12:33 PM
Jonny said:
Continuing with the theme from my last thread where I posted a simple class for encrypting strings using the SHA-512 hashing algorithm, here is an improved version that generates a random 20 byte salt to add in with the string to be hashed. This is then hashed providing greater security.

Due to the random generation of the salt each time a string is hashed, this makes it pretty much impossible to get the same hash for a string, therefore once the salt has been generated the first time round it is stored in sharedPreferences for future uses so that you can use it for checking matches etc ;)

Method of converting the bytes to hex string adapted from maybeWeCouldStealAVan's method @ stackoverflow.

Code: 
public class Crypto {
    final protected static char[] hexArray = "0123456789ABCDEF".toCharArray();

    protected static String SHA512(String string, Context context) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        String salt = getSalt(context);
        md.update(salt.getBytes());
        byte[] bytes = md.digest(string.getBytes());
        char[] hexChars = new char[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = hexArray[v >>> 4];
            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
        }
        return new String(hexChars);
    }

    private static String getSalt(Context context) throws NoSuchAlgorithmException {
        SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
        String salt = preferences.getString("salt", null);
        if (salt == null) {
            byte[] saltBytes = new byte[20];
            SecureRandom.getInstance("SHA1PRNG").nextBytes(saltBytes);
            salt = new String(saltBytes);
            SharedPreferences.Editor editor = preferences.edit();
            editor.putString("salt", salt).commit();
        }
        return salt;
    }
}
Usage:

Code: 
String example = "example";
try {
    example = Crypto.SHA512(example, context);
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}
Click to expand...
Thanks

Gesendet von meinem LG-D855 mit Tapatalk
 
You must log in or register to reply here.

New posts

Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone