
Commit 2c66bce

Update Javadocs to mention that salts are generated internally with ThreadLocalRandom and to suggest using SecureRandom.
git-svn-id: https://svn.apache.org/repos/asf/commons/proper/codec/trunk@1814682 13f79535-47bb-0310-9956-ffa450edef68
1 parent 9410369 commit 2c66bce

1 file changed

Lines changed: 21 additions & 4 deletions


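--- a/src/main/java/org/apache/commons/codec/digest/Crypt.java
+++ b/src/main/java/org/apache/commons/codec/digest/Crypt.java
@@ -16,6 +16,9 @@
  */
 package org.apache.commons.codec.digest;
 
+import java.security.SecureRandom;
+import java.util.concurrent.ThreadLocalRandom;
+
 import org.apache.commons.codec.Charsets;
 
 /**
@@ -35,7 +38,12 @@ public class Crypt {
 * <p>
 * A random salt and the default algorithm (currently SHA-512) are used. See {@link #crypt(String, String)} for
 * details.
-*
+* </p>
+* <p>
+* A salt is generated for you using {@link ThreadLocalRandom}; for more secure salts consider using
+* {@link SecureRandom} to generate your own salts and calling {@link #crypt(byte[], String)}.
+* </p>
+*
 * @param keyBytes
 * plaintext password
 * @return hash value
@@ -55,7 +63,9 @@ public static String crypt(final byte[] keyBytes) {
 * @param keyBytes
 * plaintext password
 * @param salt
-* salt value
+* real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for
+* you using {@link ThreadLocalRandom}; for more secure salts consider using {@link SecureRandom} to
+* generate your own salts.
 * @return hash value
 * @throws IllegalArgumentException
 * if the salt does not match the allowed pattern
@@ -80,7 +90,12 @@ public static String crypt(final byte[] keyBytes, final String salt) {
 * Calculates the digest using the strongest crypt(3) algorithm.
 * <p>
 * A random salt and the default algorithm (currently SHA-512) are used.
-*
+* </p>
+* <p>
+* A salt is generated for you using {@link ThreadLocalRandom}; for more secure salts consider using
+* {@link SecureRandom} to generate your own salts and calling {@link #crypt(String, String)}.
+* </p>
+*
 * @see #crypt(String, String)
 * @param key
 * plaintext password
@@ -140,7 +155,9 @@ public static String crypt(final String key) {
 * @param key
 * plaintext password as entered by the used
 * @param salt
-* salt value
+* real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for
+* you using {@link ThreadLocalRandom}; for more secure salts consider using {@link SecureRandom} to
+* generate your own salts.
 * @return hash value, i.e. encrypted password including the salt string
 * @throws IllegalArgumentException
 * if the salt does not match the allowed pattern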
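Review bot: The default salt source these Javadocs describe — per the new text in the crypt(byte[]) and crypt(String) descriptions (second and fourth hunks), ThreadLocalRandom — is a non-cryptographic PRNG, and the commit documents that weak default rather than changing it; SecureRandom is now imported in this file, so the salt generator itself (not visible in these hunks) could use it and the public docs would then not need to name a PRNG class at all, which also avoids tying the API contract to an implementation detail. If the default stays, the phrase `for more secure salts` leaves the reader guessing at the risk; say why, e.g. `ThreadLocalRandom is not a cryptographic PRNG, so generated salts may be predictable; supply a salt generated with {@link SecureRandom} when that matters`, and apply the same wording to the @param salt text in the third and fifth hunks. The context line `plaintext password as entered by the used` in the last hunk carries a pre-existing typo (`user`) worth fixing while these comments are being edited. Each Javadoc block here belongs to a method whose body lies outside its hunk.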
