Hash function algorthim

Similar Messages

• How to encrypt password with hash function in Java?

  Hello, everybody!
  I will need to store user passwords in a database, but for stronger security I want to store these passwords hashed, so I know I will need a column for the password and for the salt value.
  So, I'd like that you indicate me a very good article or tutorial (preferable from Sun) that shows me how to use Java to encrypt and decrypt passwords with hash. It doesn't necessarily need to deal with database. I can implement this part myself after seeing how Java manage encryption with hash functions.
  Thank you very much.
  Marcos

  I will tell you more precisely what I want to get better for you to help me.
  As I said I implemented in .NET what I need to implement in Java now. In my
  database I have a table with this structure (I omitted that columns that are not
  necessary to our discussion):
  CREATE TABLE EMPLOYEES
  ID NOT NULL PRIMARY KEY,
  PASSWORD VARCHAR(40), -- password encrypted
  HASH_SALT VARCHAR(10) -- salt value used to encrypt password
  So, in the table I have a column to store the password encrypted and a column to
  store the salt value.
  Below is a little utility class (in C#) that I use to generate the salt and
  the hashed password.
  public static class PasswordUtilities
      public static string GenerateSalt()
          RNGCryptoServiceProvider encoder = new RNGCryptoServiceProvider();
          byte[] buffer = new byte[5];
          encoder.GetBytes(buffer);
          return Convert.ToBase64String(buffer);
      public static string EncryptPassword(string password, string salt)
          string encryptedPassword =
              FormsAuthentication.HashPasswordForStoringInConfigFile(
              password + salt, "SHA1");
          return encryptedPassword;
  }As you can see, the class is fairly simple. It only has two methods: one to
  generate the salt value that will be used to encrypt the password and another
  one to encrypt the password. The method HashPasswordForStoringInConfigFile of
  the FormsAuthentication class is what really hash the password with the salt
  value. This class belongs to the .NET library, so we can't see its source code,
  but it doesn't matter for our discussion as I know that we can implement
  something similar in Java.
  Below is a little sample code showing the use of the utility class above to
  encrypt a password.
  public class Encrypt
      public static void Main(string args[])
          string password = "Secret";
          string salt = PasswordUtilities.GenerateSalt();
          string encryptedPassword = PasswordUtilities.EncryptPassword(password, salt);
          // now I store 'encryptedPassword' in the PASSWORD column and 'salt'
          // in the HASH_SALT column in the EMPLOYEES table.
  }To verify if a password is correct I can use the code below:
  public class VerifyPassword
      public static void Main(string args[])
          string password = GetPasswordFromUser();
          // Let's assume that employee is an instance that corresponds to a row
          // in the database and the properties HashSalt and Password correspond
          // to the HASH_SALT and PASSWORD columns respectively.
          Employee employee = GetEmployeeFromDatabase(1);
          string salt = employee.HashSalt;
          string encryptedPassword = PasswordUtilities.EncryptPassword(password, salt);
          bool passwordMatch = employee.Password.Equals(encryptedPassword);
          System.Console.WriteLine(passwordMatch);
  }The only thing that interest me in this discussion is the PasswordUtilities class.
  As you saw its code is in C#, using the .NET framework libraries.
  What I want is to have this same little class coded in Java, to generate the salt
  value and to encrypt the password passed in using salt value generated. If you could
  help me to do that with articles that have what I want or with code that already do
  that I would really appreciate.
  Thank you in advance.
  Marcos

• HASH FUNCTION IN JAVA

  i need help!!
  i have to create a program in java in which i want to compare passwords by using hash function.More specifically,the parameters of hash should be like this hash(password,salt).
  which is the library that i have to use and how can i call it in main function?
  thank you!
  plz respond as soon as possible!

  The same way you would call it in any other method :) You should start with the JCE develop guide and go from there. The more reading you can do on cryptography the better. If you understand the concepts, the Java code will become easier to write.
  http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#MDEx

• One way hash function in java

  Simply i want to save a password entered to a java program and save it in a MySQL database
  Here I want to encrypt that password and save it in the database.... I prefer one way hash function encryption because it fulfills my need.
  SHA-1 is the best in java now as I read from a article, is it?
  What I need is that if someone can post a complete code which uses SHA-1 (if it is the best preferred one).
  I've tried some codes published in the web but didn't work
  one code worked very well but when I entered characters like "@#$%%" it failed.
  Thank You!!!

  797241 wrote:
  I've search using your key terms and got a good code that works ("java sha-1 example")
  thanks for that
  I didn't got that when i was searchingHard to believe.
  So suggesting that working link was enough though you've put some other annoying comment tooIt is considered extremely bad mannered just to ask for code. If you have presented code that has problems and ask for help in fixing the problems you will normally get help but just to ask for code implies you are very lazy.
  thanks for that too
  I would rather prefer if you would have written "You are not going to get an answer, get the hell out of here!!!"Now that would have invoked the wrath of the moderators!
  P.S. Just using a SHA-1 digest is insecure as the result is open to a dictionary attack. You should use a randomly seeded digest with both the random value and digest value being stored in the database.

• Help with Hash Function in Properties

  Hi, I need to know the algorithm of the Hash Function that is used by Java in its HashMap, Properties, etc... classes.
  Can I get it somewhere or is it private? I need it for documentation purposes.
  Thanks!
  Sigurd

  Hi.
  You can download the source for the entire JDK from the usual download locations, so you can see the details of the implementation there. If you're looking for a higher level description, I don't know where you'd find that, other than a few pages which document general ways to get well distributed hashes; look at http://java.sun.com/developer/Books/effectivejava/Chapter3.pdf for an example of this - a chapter from the mighty Joshua Bloch's 'Effective Java'.
  Regards,
  Lance

• Hash function in directory server

  Dear all,
  We have a very large database so when we setup our LDAP server, we add a number(between 0 and 256) ou to LDAP schema. The number is calculated from the user email address with a hash function.
  However we have such a problem when we want to migrate our old system to JMS. How can we let JMS to know the hash number from user's email? Is there any way to add a hash function to JMS's directory-access-API so that JMS would use both user's email and the hash number to access LDAP?
  Thanks for any help from you.
  Alex

  Dear all,
  We have a very large database so when we setup our
  LDAP server, we add a number(between 0 and 256) ou to
  LDAP schema. The number is calculated from the user
  email address with a hash function. This sounds like an unneeded complication. Why?
  >
  However we have such a problem when we want to
  migrate our old system to JMS. How can we let JMS to
  know the hash number from user's email? Is there any
  way to add a hash function to JMS's
  directory-access-API so that JMS would use both
  user's email and the hash number to access LDAP?You might look at the domain_uplevel setting in option.dat, but I'd personally rather have you loose the hash.
  We have deployments without such complications, into the several million Directory entries, with no problem, and no hash.
  >
  Thanks for any help from you.
  Alex

• Hash function question

  I'm working with hash codes for string objects. Here's the method i'm using (i think this is the same as the normal string hash function, except for mine supports skipping characters):
  public int hashCode () {
          int h;
          h = 0;
          for (int i = 0, len = rep.length (), step = skip; i < len; i += step)
              h = h*31 + rep.charAt (i);
          return h;
      }This comes from a wrapper class that holds a string (REP) as well as an int SKIP that causes the hash function to skip characters in the string (my question won't be dealing with SKIP, ie, assume SKIP is one for the purposes of this question).
  I'm running this hash function on four-character "words" of the form "xxyy" (where x and y are some value between 1 and a specified N, where N is by usage usually less than 300 or so) and also on words of the form xXyY (where x, y, and N are the same as before, and X=2^16 - 31x - 1 and Y=2^16 - 31y - 1).
  So the question is, will this hash function take longer to run on xXyY words than it will on xxyy words? if so, why?

  If X and x, as well as Y and y, are of the same type but merely hold different values, and the strings are of equal length, that shouldn't matter performance-wise.

• Hashing function trouble???

  I'm using a standard hashing function for strings (ala P. J. Weingberger). It's worked fine on various unices (linux,freebsd,etc) and on a solaris 5.7 platform. However, I'm getting errors when I try to run on a Solaris 8 environment, Ultra1 (32-bit). I'm not familiar with Solaris, but perhaps someone could weigh in with why the following function is causing trouble... Different bitwise ops for Solaris 8? Also, the compiler is gcc.
  Here's the function. Thanks!
  unsigned int hashpjw (const void *key) {
  const char *ptr;
  unsigned int val;
  val=0;
  ptr=key;
  while (*ptr != '\0') {
  int tmp;
  val = (val << 4) + (*ptr);
  if (tmp = (val & 0xf0000000)) {
  val = val ^ (tmp >> 24);
  val &= ~tmp;
  ptr++;
  return (val%BIG_MAX);

  Solaris 2.6 and above use 64-bit versions of many
  libraries. If you are assuming 32-bit operations, your
  code will have problems. Consult the man-pages for
  how to get different compatability modes. There were
  dual 32 and 64 bit compat libs on Solaris 2.6. Not
  sure about Solaris 8. This is in the OS primarily, not
  the compilers, because lots of apps and any thrid
  party compilers have to make the choice between 32 bit
  and 64 bit compat.

• Hash Function used by oracle

  Hi,
  I am working on partition tables.
  I want to know more abt how hash partitioning works.
  I want to know the exact hash function used by oracle.
  I searched a lot, but couldn't find an exact answer on the net.
  Plz assist.
  Thanks in advance.
  Subha

  EdStevens wrote:
  Justin Mungal wrote:
  saratpvv wrote:
  This file contains port list
  $ORACLE_HOME/install/portlist.iniHey... neat... I didn't know about that.
  But I would still go with netstat just to be sure, as previously suggested. The portlist.ini file listed the EM and EM Agent ports, but didn't list the listener port... tsk tsk portlist.ini!Because you are expecting portlist.ini to be used for something that it is NOT used for ...
  I can't find the documentation now, but it seems I remember reading that oracle uses its portlist.ini file to track what ports it has assigned to various (but not all) of its services. But it is NOT used to actually configure those services. THAT is done with various .config or .xml files. See http://docs.oracle.com/cd/E11882_01/install.112/e24321/app_port.htm#sthref841 for some additional insight.
  Roger. I haven't actually used it, as I had only just heard about it. Thank you though.

• Secure hash function with salt to create a not spoofable PRC (SAP CRM)

  Hello SAP Security Community,
  SAP CRM Marketing provides a functionality called Personalized Response Code (PRC, 10 characters). This code can be used in mail, fax, sms or letters to customers. When the customer returns the PRC to the communication initiator, it can be mapped to a campaign and the business partner number of the customer. See also the [SAP Standard Help|http://help.sap.com/saphelp_crm700_ehp01/helpdata/EN/2a/c13463f09c4a1f9c45903e7a0a7230/frameset.htm].
  By default this standard implementation of the BAdI CRM_MKT_PRC_CONVERT is called:
  METHOD if_ex_crm_mkt_prc_convert~convert_prc.
    DATA lv_no      TYPE  crmt_mkt_icrh_prc_num.
    DATA lv_string  TYPE  string.
    DATA lv_pos     TYPE  int4.
    DATA lv_base31  TYPE  string VALUE '0123456789BCDFGHJKLMNPQRSTVWXYZ'.
  **** converting the numeric-base10 into base31
    lv_no = iv_prc.
    CLEAR lv_string.
    DO.
      lv_pos = lv_no MOD 31.
      lv_no  = lv_no DIV 31.
      CONCATENATE lv_base31+lv_pos(1) lv_string INTO lv_string.
      IF lv_no = 0.
        EXIT.
      ENDIF.
    ENDDO.
    MOVE lv_string TO ev_prc.
  ENDMETHOD.
  As you can see it does a simple base31 encoding of the provided input parameter iv_prc which is a number provided by the number range for PRC's.
  I want to use the PRC to make our customers registration process for a trade fair easier. We send out the PRC via a letter to the customers where we don't have an E-Mail address. The letter contains instructions which point the user to a Website that has an input field for the PRC. When the user submits the PRC I'd like to show him/her some personal information (Name, Address, E-Mail) that we lookup using the PRC in the CRM System. This information is then posted to a 3rd party website that has to be used to do the trade fair registration.
  If I would use the simple base31 encoding, then the current counter state could be easily decoded, the next number can be chosen and by applying base31 encoding again, the next valid PRC is created. This could then be misused to read personal information of another customer. I think what could solve this problem would be to use a secure hash function that allows also to be salted to create the PRC.
  Do you think I'm on the right track? Or would it be OK to use the classes described in [Note 1410294 - Support SHA2-family for Message Digest and HMAC|https://service.sap.com/sap/support/notes/1410294] and before doing the hashing add a random number to the PRC number that I've got from the number range? What problems do I run in as the PRC could not be longer than 12 characters? For sure I have to check that I don't create any PRC twice.
  Best regards
  Gregor

  Knowledge of PCR should not reveal any personal information to you.
  OK, but in this case the PCR is mapped to the campaign number and the BP-number. It would reveal the information.  Hence a second hash which only allows further processing if it matches. The second hash is a "signature" of the PCR.
  I don't agree with this. The security should NOT be based on hiding how system works. Only key should be secret. In this case it should all depend on quality of PRNG. Check Kerckhoffs's principle. Whenever I see proprietary algorithm in crypto I start to feel nervous about the system.
  Ok, you convinced me. That is also true, but you will have to save the key or the hash it produces to be able to verify it again when the user returns to the website - and in this case it is in clear text ABAP (unless Mr. Wolf wants to create an external program, like SAP does with C-calls).
  From the perspective of the user it is a password and they must be able to transfer it from a snail-mail readable text on paper into a website field.
  As Mr. Wolf has noticed, the next PCRs can be obtained by anyone who can decode standard code (knowing that the BADI is activated).
  I think a correctly placed split and concatenation does the trick for a 20 character field without knowing which part is the PCR and which is the signature (a human can still enter that into a website field).
  I think the big question (appart from the principle - which I agree with you on) is whether the admins and their family members are allowed to bid? Also do the bidders have acces to this system as technical consultants?? (for example to single test methods and function modules in the production system??).
  Also how does the process continue and finally get concluded? Typically there is some "horse trading" in the end anyway... 
  All these factors should influence the strength and complexity of the design, and maintenance of it IMO.
  But generally you are correct and I rest my case.
  @ Mr. Wolf: Are you enjoying the debate too much or are you going to give us more insight?
  Cheers,
  Jules

• A hash function

  Hi,
  I am doing a project in which I hope to build a database on the one of 3 servers and in fact I will build 3 databases totally. When I send keys and datas to server from client, I hope to put them into databases equally, i.e. the amount of data on every server are as equal as possible. Now, I am using the following method:
  In general, key is string and I convert the string to number N;
  m = N % 3;
  if m = 1, put the key and the corresponding data into the database on server 1;
  if m = 2, put the key and the corresponding data into the database on server 2;
  if m = 3, put the key and the corresponding data into the database on server 3;
  When I query the data, I also use m' = N % 3 to decide which server I should go to search my data.
  Right now the problem is that for persons, most of them may use some letters more often than other letters. And thus the amount of the three databases may be not equal. Can any one give another method, a hash function, to solve this problem or give me some ideas about some books or some websites?
  Thanks a lot.

  I think that the following method can is good for the
  evenly distribution,and this is on the webstie of
  http://wwwcsif.cs.ucdavis.edu/~fletcher/classes/110W98/
  ecture_notes/hash.html
  Polynomial addressing:
  If x is a character string of standard length L (a
  very common situation), then form a polynomial using
  the ASCII values of each character. For example:
  x = ABC
  h(x) = 32^2 * 'A' + 32 * 'B' + 'C'
  Points to note:
  The ASCII values of each character are represented by
  the character placed between single quotes
  The factor 32 is used because it represents
  left-shifting by 5 bits
  This is easily computed using Horner's Rule: in this
  example,
  h(x) = (32 * 'A' + 'B') * 32 + 'C'
  This is easily coded as an iterative loop for
  arbitrary length L
  The general formula for strings of length L:
  h(x) = 32^(L-1) * x1 + 32^(L-2) * x2 + ... + xL
  If the polynomial gets too large during computation
  using Horner's rule, then you can mod out by the table
  size after each iteration:
  h = x1;
  for(i = 2; i <= L; i++)
  h = (h * 32 + xi) % Size;
  (going around in circles)
  This is EXACTLY how String's hashcode function is implemented! At least in the JDKs I have (1.3.1 --> 1.4.2). So my question is still: What's wrong with it?
  Apparently nothing!
  Suns implementation in String uses 31 as the 'magic' number which is perhaps better than 32 because instead of being a single shift, 31 acts as a distributed sum of shifts so that each input bit ends up affecting more bits in the hashcode. So, for example, the LSB's value will reflect every input received (instead of possibly just the last). Nice huh? This is especially important if you're going to %3 the value.
  sjasja's suggestion using 33 as the value has a similar effect.
  So to ensure consisteny (as was overlooked by me and suggested by sjasja) cut&paste the code from String.hashcode and use it.

• Hash function - seeking for example

  Can some one give me an example of Hash function in flex. I wont to turn a string to hash code and then test if other string is giving me same hash code or in other words: I wont to set a password as part of my flex app.
  This is what I found http://help.adobe.com/en_US/FlashPlatform/beta/reference/actionscript/3/mx/utils/SHA256.ht ml on the help pages.
  I hope you be able to help me.

  var b:ByteArray = new ByteArray();
  b.writeMultiByte(data.toString(), "UTF-8");
  SHA256.computeDigest(b);

• Hash function not use MessageDigest

  Anyone knows which implementation method of SHA Hash function does not use MessageDigest?
  Thanks

  If you don't want the MessageDigest interface to a JCE provider, you'll need to reference instead a class based on MessageDigestSPI.
  Sun currently allows using directly the "SHA" class in the "sun.java.security" package (as it is based on MessageDigestSPI, you already have a documented API for it:
  public class SHA extends MessageDigestSPI
      implements Cloneable {
      public SHA();
      public int engineGetLength(); // returns 20
      public void engineUpdate(byte value);
      public void engineUpdate(byte[] buffer, int offset, int length);
      public byte[] engineDigest() throws java.security.DigestException;
      public void engineReset();
  }Also this class implements Clonable, meaning that you can preserve its internal state before calling engineDigest() that will (before returning the final value) reset the internal state and clear the internal "evidence data" in the instance.
  To use it:
  import java.security.*;
  SHA state = new SHA(); // pass argument (0) if you want the deprecated SHA-0 algorithm instead of SHA-1
  byte b = ...;
  state.engineUpdate(b);
  byte[] buffer = ...;
  state.engineUpdate(buffer, 0, buffer.length);
  byte[] digestBytes = state.engineDigest(); // implicitly calls state.engineReset() before returning

• Hash function for the DB_HASH access method

  Hello!
  I use BDB 4.5.20 and tried to use a DB_HASH access method providing my own hash function, since I have very specific keys. Keys are UUID, and they all have the same length (16 bytes) and specific binary representation which can be used to generate hash code. After I set own hash function using Db::set_h_hash() I get the call of this function during database open with a very strange data I was not expected.
  Backtrace is:
  storaged.dll!tbricks::storage::StorageBDBBackend::bdb_hash_func(Db * db=0x01dba398, const void * key=0x1318326c, unsigned int size=12) Line 35     C++
  libdb45d.dll!_db_h_hash_intercept_c(__db * cthis=0x01dba418, const void * data=0x1318326c, unsigned int len=12) Line 483 + 0x97 bytes     C++
  libdb45d.dll!__ham_init_meta(__db * dbp=0x01dba418, hashmeta33 * meta=0x01dbb120, unsigned int pgno=0, _db_lsn * lsnp=0x0013f10c) Line 291 + 0x13 bytes     C
  libdb45d.dll!__ham_new_file(__db * dbp=0x01dba418, __db_txn * txn=0x01dbacc8, __fh_t * fhp=0x01dbafb8, const char * name=0x01dbac60) Line 402 + 0x13 bytes     C
  libdb45d.dll!__db_new_file(__db * dbp=0x01dba418, __db_txn * txn=0x01dbacc8, __fh_t * fhp=0x01dbafb8, const char * name=0x01dbac60) Line 284 + 0x15 bytes     C
  libdb45d.dll!__fop_file_setup(__db * dbp=0x01dba418, __db_txn * txn=0x01dba9e0, const char * name=0x01585624, int mode=384, unsigned int flags=129, unsigned int * retidp=0x0013f458) Line 586 + 0x42 bytes     C
  libdb45d.dll!__db_open(__db * dbp=0x01dba418, __db_txn * txn=0x01dba9e0, const char * fname=0x01585624, const char * dname=0x00000000, DBTYPE type=DB_HASH, unsigned int flags=129, int mode=0, unsigned int meta_pgno=0) Line 154 + 0x1d bytes     C
  libdb45d.dll!__db_open_pp(__db * dbp=0x01dba418, __db_txn * txn=0x01dba9e0, const char * fname=0x01585624, const char * dname=0x00000000, DBTYPE type=DB_HASH, unsigned int flags=129, int mode=0) Line 1079 + 0x23 bytes     C
  libdb45d.dll!Db::open(DbTxn * txnid=0x00000000, const char * file=0x01585624, const char * database=0x00000000, DBTYPE type=DB_HASH, unsigned int flags=33554561, int mode=0) Line 313 + 0x30 bytes     C++
  storaged.dll!tbricks::storage::BDBBackend::open_db(Db & db={...}, const char * fileName=0x01585624, DBTYPE dbType=DB_HASH) Line 372 + 0x21 bytes     C++
  Db::set_h_hash() documentation says nothing about behaviour like this.
  Why BDB calls my hash function during database open while I do not put()/get() any data?
  Firstly I was implemented hash function aborting the application if key length is not equal 16, because it looks like application internal error, and for sure application was aborted because of that.
  How should I treat this data and do I have to return any hash code at all in this case?

  A quick look at the code indicates that this call is to run the hash function against a known value ("%$sniglet^&") to store the result in the DB file (or to compare the result against a result stored in the file, if the file already exists). Since a failure of this comparison prints "hash: incompatible hash function", I think we can assume that this is done to ensure the hash function being used is compatible with the hash function used when the DB file was created.
  So you need to be able to provide some form of hash output for this.

• Looking for a simple hash function

  I need the equivalent Oracle statement to this MySQL statement:
  INSERT INTO `site_users`
  (`username`, `password`)
  VALUES
  ('test', SHA1('testpw'))
  That SHA1 function is what I'm looking for, and for the life of me I can't find the equivalent. It's just a simple hash for the password, that's it. Any help would be greatly appreciated.
  Thanks,
  David

  Hi,
  something like this,
  INSERT INTO SITE_USERS
     ( 'USERNAME'
     , 'PASSWORD')
  VALUES
     ( 'TEST'
     , RAWTOHEX(dbms_utility.get_hash_value('TESTPWD',1,Power(2 ,16)-1))
  SQL> SELECT RAWTOHEX(dbms_utility.get_hash_value('TESTPWD',1,Power(2,16) - 1)) Hash
    2    FROM dual;
  HASH
  C3025407Regards,
  Christian Balz