Package org.apache.shiro.crypto.hash

Class DefaultHashService

java.lang.Object

org.apache.shiro.crypto.hash.DefaultHashService

All Implemented Interfaces:

ConfigurableHashService, HashService

public class DefaultHashService
extends Object
implements ConfigurableHashService

Default implementation of the HashService interface, supporting a customizable hash algorithm name.

Hash Algorithm

You may specify a hash algorithm via the setDefaultAlgorithmName(String) property. Any algorithm name understood by the JDK MessageDigest.getInstance(String algorithmName) method will work, or any Hash algorithm implemented by any loadable HashSpi. The default is argon2.

A hash and the salt used to compute it are often stored together. If an attacker is ever able to access the hash (e.g. during password cracking) and it has the full salt value, the attacker has all of the input necessary to try to brute-force crack the hash (source + complete salt).

However, if part of the salt is not available to the attacker (because it is not stored with the hash), it is much harder to crack the hash value since the attacker does not have the complete inputs necessary.

Since:

1.2

Constructor Summary

Constructors

Constructor	Description
DefaultHashService()	Constructs a new DefaultHashService instance with the following defaults: hashAlgorithmName = SHA-512

Method Summary

Modifier and Type	Method	Description
Hash	computeHash(HashRequest request)	Computes and responds with a hash based on the specified request.
protected String	getAlgorithmName(HashRequest request)
String	getDefaultAlgorithmName()
void	setDefaultAlgorithmName(String name)	Sets the name of the key derivation function algorithm that will be used to compute secure hashes for passwords.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DefaultHashService

public DefaultHashService()

Constructs a new DefaultHashService instance with the following defaults:

• hashAlgorithmName = SHA-512

Method Details

computeHash

public Hash computeHash(HashRequest request)

Computes and responds with a hash based on the specified request.

This implementation functions as follows:

• If the request's salt is null:

  A salt will be generated and used to compute the hash. The salt is generated as follows:

  1. Use the combined value as the salt used during hash computation

Specified by:

computeHash in interface HashService

Parameters:

request - the request to process

Returns:

the response containing the result of the hash computation, as well as any hash salt used that should be exposed to the caller.

See Also:

• Hash.getSalt()

getAlgorithmName

protected String getAlgorithmName(HashRequest request)

setDefaultAlgorithmName

public void setDefaultAlgorithmName(String name)

Description copied from interface: ConfigurableHashService

Sets the name of the key derivation function algorithm that will be used to compute secure hashes for passwords.

Specified by:

setDefaultAlgorithmName in interface ConfigurableHashService

Parameters:

name - the name of the key derivation function algorithm that will be used to compute secure hashes for passwords.

getDefaultAlgorithmName

public String getDefaultAlgorithmName()

Specified by:

getDefaultAlgorithmName in interface HashService

Returns:

Default algorithm name for this hash service