public final class Sha512Crypt
extends java.lang.Object
This class defines a method, Sha512_crypt(), which takes a password and a salt string and
generates a Sha512 encrypted password entry.
This class implements the new generation, scalable, SHA512-based Unix 'crypt' algorithm developed by a group of engineers from Red Hat, Sun, IBM, and HP for common use in the Unix and Linux /etc/shadow files.
The Linux glibc library (starting at version 2.7) includes support for validating passwords hashed using this algorithm.
The algorithm itself was released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. A discussion of the rationale and development of this algorithm is at
http://people.redhat.com/drepper/sha-crypt.html
and the specification and a sample C language implementation is at
http://people.redhat.com/drepper/SHA-crypt.txt
| Modifier and Type | Field and Description |
|---|---|
private static java.lang.String |
itoa64 |
private static int |
ROUNDS_DEFAULT |
private static int |
ROUNDS_MAX |
private static int |
ROUNDS_MIN |
private static int |
SALT_LEN_MAX |
private static java.lang.String |
SALTCHARS |
private static java.lang.String |
sha512_rounds_prefix |
private static java.lang.String |
sha512_salt_prefix |
| Constructor and Description |
|---|
Sha512Crypt() |
| Modifier and Type | Method and Description |
|---|---|
private static java.lang.String |
b64_from_24bit(byte B2,
byte B1,
byte B0,
int size) |
private static java.security.MessageDigest |
getSHA512() |
static void |
main(java.lang.String[] arg)
Test rig
|
private static void |
selfTest()
Validate our implementation using test data from Ulrich
Drepper's C implementation.
|
static java.lang.String |
Sha512_crypt(java.lang.String keyStr,
java.lang.String saltStr,
int roundsCount)
This method actually generates an Sha512 crypted password hash
from a plaintext password and a salt.
|
static boolean |
verifyHashTextFormat(java.lang.String sha512CryptText)
Returns true if sha512CryptText is a valid Sha512Crypt hashtext,
false if not.
|
static boolean |
verifyPassword(java.lang.String plaintextPass,
java.lang.String sha512CryptText)
This method tests a plaintext password against a SHA512 Unix
Crypt'ed hash and returns true if the password matches the
hash.
|
private static final java.lang.String sha512_salt_prefix
private static final java.lang.String sha512_rounds_prefix
private static final int SALT_LEN_MAX
private static final int ROUNDS_DEFAULT
private static final int ROUNDS_MIN
private static final int ROUNDS_MAX
private static final java.lang.String SALTCHARS
private static final java.lang.String itoa64
private static java.security.MessageDigest getSHA512()
public static final java.lang.String Sha512_crypt(java.lang.String keyStr,
java.lang.String saltStr,
int roundsCount)
This method actually generates an Sha512 crypted password hash from a plaintext password and a salt.
The resulting string will be in the form '$6$<rounds=n>$<salt>$<hashed mess>
keyStr - Plaintext passwordsaltStr - An encoded salt/roundes which will be consulted to determine the salt
and round count, if not nullroundsCount - If this value is not 0, this many rounds will
used to generate the hash text.private static final java.lang.String b64_from_24bit(byte B2,
byte B1,
byte B0,
int size)
public static final boolean verifyPassword(java.lang.String plaintextPass,
java.lang.String sha512CryptText)
This method tests a plaintext password against a SHA512 Unix Crypt'ed hash and returns true if the password matches the hash.
plaintextPass - The plaintext password text to test.sha512CryptText - The hash text we're testing against.
We'll extract the salt and the round count from this String.public static final boolean verifyHashTextFormat(java.lang.String sha512CryptText)
Returns true if sha512CryptText is a valid Sha512Crypt hashtext, false if not.
private static void selfTest()
Validate our implementation using test data from Ulrich Drepper's C implementation.
public static void main(java.lang.String[] arg)