s473620/AES-secured-notepad
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

password hashing

Browse Source
This commit is contained in:
mikgaw@st.amu.edu.pl 2023-12-03 20:52:16 +01:00
parent 18855aae13
commit 9c47e45353
4 changed files with 92 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/build.gradle
View File

@ -9,7 +9,7 @@ android {
defaultConfig {
applicationId "com.example.bsm_notatnik"
minSdk 24
minSdk 26
targetSdk 33
versionCode 1
versionName "1.0"

41
app/src/main/java/com/example/bsm_notatnik/Login.java
View File

@ -21,8 +21,16 @@ import com.google.firebase.auth.AuthResult;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseUser;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
public class Login extends AppCompatActivity {
private static final String SHARED_NAME_CREDENTIALS = "Credentials";
@ -90,9 +98,15 @@ public class Login extends AppCompatActivity {
private void login(String email, String password){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
String passwordFromData = sharedPreferences.getString("user_" + email, "err");
String passwordHashFromData = sharedPreferences.getString("user_" + email, "err");
if (password.equals(passwordFromData)){
byte[] salt = getSaltForUser(email);
String inputPasswordHash = hashPassword(password, salt);
assert inputPasswordHash != null;
if (inputPasswordHash.equals(passwordHashFromData)){
Toast.makeText(getApplicationContext(), "Login Successful", Toast.LENGTH_SHORT).show();
Intent intent = new Intent(getApplicationContext(), MainActivity.class);
@ -106,5 +120,28 @@ public class Login extends AppCompatActivity {
}
}
private byte[] getSaltForUser(String email){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
String saltFromData = sharedPreferences.getString("salt_" + email, "err");
return Base64.getDecoder().decode(saltFromData);
}
private static String hashPassword(String password, byte[] salt){
int iteratiions = 1000;
int keyLen = 256;
KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, iteratiions, keyLen);
try{
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
byte[] hashedPassword = secretKey.getEncoded();
return Base64.getEncoder().encodeToString(hashedPassword);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return null;
}
}
}

4
app/src/main/java/com/example/bsm_notatnik/MainActivity.java
View File

@ -59,7 +59,7 @@ public class MainActivity extends AppCompatActivity {
}
private void showPasswordChangeDialog(){
// Inflate the dialog layout
// Inflate the dialog layout
LayoutInflater inflater = getLayoutInflater();
View dialogView = inflater.inflate(R.layout.password_change_dialog, null);
@ -93,7 +93,7 @@ public class MainActivity extends AppCompatActivity {
builder.setNegativeButton("Cancel", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialogInterface, int i) {
// User canceled the password change
dialogInterface.dismiss();
}
});

51
app/src/main/java/com/example/bsm_notatnik/Register.java
View File

@ -7,13 +7,23 @@ import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Log;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.ProgressBar;
import android.widget.TextView;
import android.widget.Toast;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;
import java.security.SecureRandom;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@ -90,7 +100,13 @@ public class Register extends AppCompatActivity {
return;
}
saveNewUser(email, password);
byte[] salt = generateSalt();
saveSaltForUser(email, salt);
String hashPassword = hashPassword(password, salt);
saveNewUser(email, hashPassword);
Toast.makeText(Register.this, "Konto utworzone z email: " + email + " oraz hasłem: " + password, Toast.LENGTH_SHORT).show();
editTextEmail.setText("");
editTextPassword.setText("");
@ -127,5 +143,38 @@ public class Register extends AppCompatActivity {
return matcher.matches();
}
private void saveSaltForUser(String email, byte[] salt){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
SharedPreferences.Editor editor = sharedPreferences.edit();
String saltString = Base64.getEncoder().encodeToString(salt);
editor.putString("salt_" + email, saltString);
editor.apply();
}
private static byte[] generateSalt(){
SecureRandom random = new SecureRandom();
byte[] salt = new byte[16];
random.nextBytes(salt);
return salt;
}
private static String hashPassword(String password, byte[] salt){
int iteratiions = 1000;
int keyLen = 256;
KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, iteratiions, keyLen);
try{
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
byte[] hashedPassword = secretKey.getEncoded();
return Base64.getEncoder().encodeToString(hashedPassword);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return null;
}
}
}