Java for checking the password of a user against a typical Django user table entry
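// Checks a candidate password against a Django-style PBKDF2-SHA256 entry:
//   pbkdf2_sha256$<iterations>$<salt>$<base64 hash>
// for example:
//   pbkdf2_sha256$13000$I2fysbVVZ$6WuU/biq8RveLuiTgpLeEJ7hcqoqpkqVlpUIHWUoi9I=
//
// Inputs expected from the surrounding code:
//   storedPasswordEntry - encoded value read from the user table. The name is
//                         chosen here: the original split passedInPassword itself,
//                         so the stored entry and the candidate were the same
//                         string and the comparison could not succeed.
//   passedInPassword    - plain-text password supplied by the user.
//
// Every failure path reports an error and never reaches "User is legit.", so a
// malformed entry or a missing algorithm fails closed instead of dereferencing null.
String[] entryFields = storedPasswordEntry.split("\\$");
if (entryFields.length != 4 || !"pbkdf2_sha256".equals(entryFields[0])) {
    // Wrong field count or a different hasher: refuse rather than guess.
    System.out.println("Encoded password is corrupt.");
} else {
    PBEKeySpec candidateSpec = null;
    try {
        // NOTE(review): the iteration count is taken from the stored entry as-is;
        // enforce a minimum/maximum here if the table contents are not fully trusted.
        int iterations = Integer.parseInt(entryFields[1]);
        // The salt is used as the bytes of its text form, not Base64-decoded.
        byte[] salt = entryFields[2].getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] expectedHash = Base64.getDecoder().decode(entryFields[3]);

        candidateSpec = new PBEKeySpec(passedInPassword.toCharArray(), salt, iterations, 256);
        byte[] derivedHash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(candidateSpec)
                .getEncoded();

        // Compare raw digest bytes in constant time; String.equals stops at the
        // first differing character and so leaks how much of the hash matched.
        if (java.security.MessageDigest.isEqual(expectedHash, derivedHash)) {
            System.out.println("User is legit.");
        } else {
            System.out.println("Passed in password is not correct.");
        }
    } catch (NoSuchAlgorithmException e) {
        System.out.println("Need a Java implementation with cryptography.");
    } catch (InvalidKeySpecException | IllegalArgumentException e) {
        // IllegalArgumentException covers a non-numeric or non-positive iteration
        // count, an empty salt, and a hash field that is not valid Base64.
        System.out.println("Encoded password is corrupt.");
    } finally {
        if (candidateSpec != null) {
            // Wipe the key spec's internal copy of the password.
            candidateSpec.clearPassword();
        }
    }
}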