A practical, hands-on guide to securing Java application passwords with hashing techniques
Overview
- Learn something new in an Instant! A short, fast, focused guide delivering immediate results
- Learn to use the basic MD5 hash
- Introduces and details the concept of a strong SHA-based hash
- Add salt to strengthen hashes and create nearly unbreakable hashes
In Detail
Password security is a critical matter when it comes to protecting the interests of application users and their data for a satisfactory user experience. With the advancement in technology, now more than ever, application developers need to be able to implement reliable mechanisms to prevent passwords from being stolen. Java Password and Authentication Security provides a practical approach to implement these reliable mechanisms with the possibility to make password authentication stronger as technology makes it easier to break them.
Java Password and Authentication Security is a practical, hands-on guide covering a number of clear, step-by-step exercises and code examples that will help you to implement strong password authentication solutions for your project in no time.
This book starts off with the most basic and well known hashing technique to quickly get an application developer started with implementing a standard password protection mechanism. Furthermore, it covers the stronger SHA (standard hashing algorithm) family in detail and brings up a technique to improve the hash security with a technique called “salting”.
You will also learn how to use these hashes, and more importantly, when to use each technique. You will learn that not every hash algorithm is good in every situation, and how to deal with password recovery, password authentication, and timing attacks.
What you will learn from this book
- How and when to use the MD5 hash
- Create every SHA-based hash
- Use SHA hashes, and learning their weaknesses
- Add salt to a hash
- Store salts and regenerate the hash using the original salt
- Implement an iterative hashing mechanism
- Increase the strength of your hashes with an iterative hashing mechanism
- Implement a length-constant time comparison to avoid timing attacks
Approach
Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. This book takes a hands-on approach to Java-based password hashing and authentication, detailing advanced topics in a recipe format.
Who this book is written for
This book is ideal for developers new to user authentication and password security, and who are looking to get a good grounding in how to implement it in a reliable way.
It's assumed that the reader will have some experience in Java already, as well as being familiar with the basic idea behind user authentication.
Fernando Mayoral is a young app developer and an advanced student in Systems Engineering, with experience in distributed systems, data mining, high performance algorithms, and web security. He is a web security enthusiast, always trying to learn asmuch as possible.Fernando has taken part in very interesting startups, personal projects, and full time jobs. He has worked on big projects for Cardif, a multinational insurance company that is part of the BNP Paribas group, and has collaborated indirectly on projects for Toyota and Pan American Energy.
