/**
 * Installs the ordered nonce list: the entry at index {@code i} is the nonce for version {@code i}.
 *
 * Nonces are not meant to live in the JDBC store; they are application configuration that adds
 * one more input to the hash function, so that a leaked password table cannot be attacked with
 * rainbow tables or precomputed hashes and an attacker is left with brute force.
 *
 * The meaning of a nonce is implementation specific: for the SHA512 strategy it is extra salt
 * mixed into the hash, for PBKDF2 it is the iteration count the algorithm should run.
 *
 * @param nonces a json array, handed unchanged to the wrapped strategy
 */
public void setNonces(JsonArray nonces) {
  delegate.setNonces(nonces);
}
/**
 * Hashes {@code password} together with {@code salt} using the nonce registered for
 * {@code version}, by delegating to the wrapped strategy.
 *
 * @param password the clear-text password
 * @param salt the salt to mix in
 * @param version the nonce version to use (the tests in this file pass {@code -1} for the
 *        no-nonce case and get a digest without a version suffix)
 * @return the hashed password exactly as the wrapped strategy produced it
 */
public String computeHash(String password, String salt, int version) {
  return delegate.computeHash(password, salt, version);
}
/**
 * Extracts the stored password hash from a row returned by the authentication query.
 *
 * Which column holds the hash is decided by the wrapped strategy; this method only forwards.
 *
 * @param row the authentication-query row
 * @return the stored hashed password
 */
public String getHashedStoredPwd(JsonArray row) {
  return delegate.getHashedStoredPwd(row);
}
/**
 * With a single nonce (1000) configured and version 0 selected, the PBKDF2 strategy must
 * produce the known digest with the version marker {@code $0} appended.
 */
@Test
public void createHashTestWithVersion() {
  final JsonArray nonces = new JsonArray().add(1000);
  final JDBCHashStrategy strategy = new PBKDF2Strategy(vertx);
  strategy.setNonces(nonces);

  // "Paulo" is the password, "123456" the salt, per computeHash(password, salt, version).
  final String expected = "39698770CC0B0B0553E9B74216FAE2C7C31B81D40940FA50601D7998B81820F86CEE7CD84CC1D06D06D832C5BACA45D3215F6B0F3F484931AE846915449BF72F$0";
  final String actual = strategy.computeHash("Paulo", "123456", 0);

  // Compared with the constant-time helper, the same way production code should compare hashes.
  assertTrue(JDBCHashStrategy.isEqual(expected, actual));
}
/**
 * Without any nonce configured and version {@code -1}, the PBKDF2 strategy must produce the
 * known digest with no version suffix.
 */
@Test
public void createHashTest() {
  final JDBCHashStrategy strategy = new PBKDF2Strategy(vertx);

  // "Paulo" is the password, "123456" the salt, per computeHash(password, salt, version).
  final String actual = strategy.computeHash("Paulo", "123456", -1);
  final String expected = "3EF08FDF601E24F9D9DF99F2A199A563E1EB4C8C467D61962B9526001EF6FA9F31C2F89FCA7690CF022E11AF89DA8BFD4D18E8A0FC888A745C8DD7AAB92A359B";

  assertTrue(JDBCHashStrategy.isEqual(expected, actual));
}
/**
 * Extracts the salt from a row returned by the authentication query.
 *
 * @param row the authentication-query row
 * @return the salt as reported by the wrapped strategy
 */
public String getSalt(JsonArray row) {
  return delegate.getSalt(row);
}
/**
 * Constant-time string comparison, to be used when checking a computed hash against a stored
 * one so that the comparison time does not leak how many leading characters match.
 *
 * Delegates to the core {@code JDBCHashStrategy.isEqual}; no comparison logic lives here.
 *
 * @param hasha first hash to compare
 * @param hashb second hash to compare
 * @return true if both strings are equal
 */
public static boolean isEqual(String hasha, String hashb) {
  return io.vertx.ext.auth.jdbc.JDBCHashStrategy.isEqual(hasha, hashb);
}
/**
 * Creates the backwards-compatible SHA512 hashing strategy, wrapped for the rx API.
 *
 * New applications should prefer the PBKDF2 implementation unless the trade-off between
 * security and CPU usage argues for this one.
 *
 * @param vertx the vert.x instance
 * @return the rx wrapper around the core SHA512 strategy
 */
public static io.vertx.rxjava.ext.auth.jdbc.JDBCHashStrategy createSHA512(io.vertx.rxjava.core.Vertx vertx) {
  io.vertx.ext.auth.jdbc.JDBCHashStrategy core =
    io.vertx.ext.auth.jdbc.JDBCHashStrategy.createSHA512(vertx.getDelegate());
  return io.vertx.rxjava.ext.auth.jdbc.JDBCHashStrategy.newInstance(core);
}
/**
 * Produces a fresh random salt via the wrapped strategy.
 *
 * @return a non-null salt value
 */
public String generateSalt() {
  return delegate.generateSalt();
}
/**
 * Creates the PBKDF2 hashing strategy, wrapped for the rx API, implementing the guidance at
 * https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet (2018-01-17).
 *
 * New deployments should use this strategy rather than the default one (which followed the
 * previous OWASP recommendation). The work factor is adjusted through the nonces json array.
 *
 * @param vertx the vert.x instance
 * @return the rx wrapper around the core PBKDF2 strategy
 */
public static io.vertx.rxjava.ext.auth.jdbc.JDBCHashStrategy createPBKDF2(io.vertx.rxjava.core.Vertx vertx) {
  io.vertx.ext.auth.jdbc.JDBCHashStrategy core =
    io.vertx.ext.auth.jdbc.JDBCHashStrategy.createPBKDF2(vertx.getDelegate());
  return io.vertx.rxjava.ext.auth.jdbc.JDBCHashStrategy.newInstance(core);
}
/**
 * With two nonces (1 and 10000) configured and version 1 selected, the PBKDF2 strategy must
 * produce the known digest with the version marker {@code $1} appended.
 */
@Test
public void createHashAppleStyleTest() {
  final JsonArray nonces = new JsonArray().add(1).add(10000);
  final JDBCHashStrategy strategy = new PBKDF2Strategy(vertx);
  strategy.setNonces(nonces);

  // "Paulo" is the password, "123456" the salt, per computeHash(password, salt, version).
  final String expected = "3EF08FDF601E24F9D9DF99F2A199A563E1EB4C8C467D61962B9526001EF6FA9F31C2F89FCA7690CF022E11AF89DA8BFD4D18E8A0FC888A745C8DD7AAB92A359B$1";
  final String actual = strategy.computeHash("Paulo", "123456", 1);

  assertTrue(JDBCHashStrategy.isEqual(expected, actual));
}
}
/**
 * Reads the salt column out of an authentication-query row; the column choice belongs to the
 * wrapped strategy.
 *
 * @param row the authentication-query row
 * @return the salt
 */
public String getSalt(JsonArray row) {
  return delegate.getSalt(row);
}
/**
 * Compares two hash strings in constant time so that timing does not reveal where they differ.
 *
 * Forwards to the core {@code JDBCHashStrategy.isEqual}.
 *
 * @param hasha first hash to compare
 * @param hashb second hash to compare
 * @return true if both strings are equal
 */
public static boolean isEqual(String hasha, String hashb) {
  return io.vertx.ext.auth.jdbc.JDBCHashStrategy.isEqual(hasha, hashb);
}
/**
 * Builds the rx wrapper for the backwards-compatible SHA512 strategy.
 *
 * Prefer {@code createPBKDF2} for new applications unless the trade-off between security and
 * CPU usage argues for SHA512.
 *
 * @param vertx the vert.x instance
 * @return the wrapped implementation
 */
public static io.vertx.rxjava.ext.auth.jdbc.JDBCHashStrategy createSHA512(io.vertx.rxjava.core.Vertx vertx) {
  return io.vertx.rxjava.ext.auth.jdbc.JDBCHashStrategy.newInstance(
    io.vertx.ext.auth.jdbc.JDBCHashStrategy.createSHA512(vertx.getDelegate()));
}
/**
 * Asks the wrapped strategy for a new random salt.
 *
 * @return a non-null salt value
 */
public String generateSalt() {
  return delegate.generateSalt();
}
/**
 * Builds the rx wrapper for the PBKDF2 strategy, which follows
 * https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet (2018-01-17).
 *
 * New deployments should use this instead of the default strategy (the previous OWASP
 * recommendation). The work factor is tuned through the nonces json array.
 *
 * @param vertx the vert.x instance
 * @return the wrapped implementation
 */
public static io.vertx.rxjava.ext.auth.jdbc.JDBCHashStrategy createPBKDF2(io.vertx.rxjava.core.Vertx vertx) {
  return io.vertx.rxjava.ext.auth.jdbc.JDBCHashStrategy.newInstance(
    io.vertx.ext.auth.jdbc.JDBCHashStrategy.createPBKDF2(vertx.getDelegate()));
}
/**
 * Sets the ordered nonce list, where position {@code i} holds the nonce for version {@code i}.
 *
 * Nonces are expected to come from application configuration rather than the JDBC store, so
 * that a dump of the database alone is not enough to run rainbow-table or precomputed-hash
 * attacks against the stored passwords; only brute force remains.
 *
 * Nonce semantics depend on the implementation: extra salt for SHA512, the iteration count
 * for PBKDF2.
 *
 * @param nonces a json array, forwarded to the wrapped strategy
 */
public void setNonces(JsonArray nonces) {
  delegate.setNonces(nonces);
}
/**
 * Static bridge for {@code getSalt}: converts a plain {@code List} row into a {@code JsonArray}
 * before delegating; a {@code null} row is passed through as {@code null}.
 *
 * @param j_receiver the core strategy to call
 * @param row the authentication-query row as a list, may be null
 * @return the salt returned by the receiver
 */
public static java.lang.String getSalt(io.vertx.ext.auth.jdbc.JDBCHashStrategy j_receiver, java.util.List<Object> row) { return j_receiver.getSalt(row != null ? io.vertx.core.impl.ConversionHelper.toJsonArray(row) : null); } /** Static bridge for {@code setNonces}; the body continues past the end of this listing. */ public static void setNonces(io.vertx.ext.auth.jdbc.JDBCHashStrategy j_receiver, java.util.List<Object> nonces) {
/**
 * Reads the stored password hash out of an authentication-query row, as located by the
 * wrapped strategy.
 *
 * @param row the authentication-query row
 * @return the hashed password
 */
public String getHashedStoredPwd(JsonArray row) {
  return delegate.getHashedStoredPwd(row);
}
/**
 * Computes the password hash for {@code password} and {@code salt} under nonce
 * {@code version}, via the wrapped strategy.
 *
 * @param password the clear-text password
 * @param salt the salt
 * @param version the nonce version to use
 * @return the hashed password produced by the wrapped strategy
 */
public String computeHash(String password, String salt, int version) {
  return delegate.computeHash(password, salt, version);
}