Java Cryptography Basics On Skillshare
Written by Nikos Vaggalis   
Thursday, 25 February 2016

Password encryption is currently a hot topic so a new course covering crypto hashing algorithms in Java seems a worthwhile way to gain some knowledge of the topic.

It normally costs $10 per month to join Skillshare, an online learning community which offers over 3,000 courses on a wide range of subjects. Skillshare is currently running an offer of $0.99 for 3 months, which was an attractive incentive to try it out. 

Java Cryptography Architecture: Hashing and Secure Password Hashing is a new video based course by Frank Hissen of IT Security Development & Consulting. It goes through the very basics of Java's crypto hashing algorithms such as MD5, HMAC and PBKDF2 in a little over half an hour.

The Setup

The first video goes through the prerequisites needed for trying out the coding examples yourself. These are JDK 1.8 as it contains all of the latest encryption providers, any Eclipse IDE version and the Apache Commons Codecs Library, which is used in most examples since it exposes an API that is much easier to work with than the inherent JDK one.

Simple Hashing Example
The course begins with the instructor performing simple MD5 hashing over a sample string by instantiating the message digest and feeding it the string's representation in bytes. He warns that when switching platforms and because the digest works on byte arrays,it is best to be explicit about the character set when converting from string format to byte format (getBytes("UTF8")) to avoid portability related issues.

Real-world Hashing Example
For this exercise we have to download a zip archive together with its publicly available MD5 hash value and then to write a short utility class that will apply MD5 hashing to the archive and verify the produced hash against the downloaded hash.

Efficient stream-based Hashing
The last example but now more efficient since we're not reading the whole zip file in memory but instead consume it through an I/O based stream.

 

 

Message Authentication Code (MAC)
It's time to switch from the simple MD5 algorithm to the keyed HMACMD5 one which uses both a password (key) and the MD5 as its underlying hashing algorithm, suited for message authentication.

Secure Password Hashing with PBKDF2-PKCS#5
HMAC might be ok for message authentication but for password hashing,i.e used to authenticate against a web site and storing the hashed password in a database,the recommended algorithm is PBKDF2. Because Java does not have an inherent PBKDF2 implementation, Bouncy Castle's version is used. The instructor has prepared a Java package including that implementation, and  has made it available to the course's students for download.

A nice side effect of using the prepared package is that you get to take a look at PBKDF2's actual implementation,which despite its severity, spans only 90 lines of code, newlines included!

The last part explores a few wrapper libraries over the Java crypto services, that offer a much easier to consume interface.

All in all,Java Cryptography Architecture was a quick,spanning just 36 minutes, and easy to follow course,skimming through the basics of Java based hashing facilities, ideal as a starting point to tackling cryptography on the Java platform.

Frank Hissen offers another encryption course File Encryption Basics and Practices with CrococryptFile on the Skillshare platform.

As a Skillshare member you not only have the opportunity to learn but also to create courses and earn royalties by sharing them with a worldwide audience. It claims an audience of 1.1 million students and to have paid more than $5 million to its teachers.

 

More Information

Skillshare Java Cryptography Architecture: Hashing and Secure Password Hashing

Related Articles

To be informed about new articles on I Programmer, sign up for our weekly newsletter,subscribe to the RSS feed and follow us on, Twitter, FacebookGoogle+ or Linkedin

 

Banner


Coursera Professional Certificates In AI
08/10/2019

Machine Learning, Deep Learning, Neural Networks - not only do we trip over them at every other turn, the message that they are the way of the future is constantly reiterated. Coursera, in partnership [ ... ]



Node-RED IoT Tool 1.0 Released
11/10/2019

Node-RED has reached version 1.0 with improvements including a new asynchronous message passing model,  and a new Node Send API.


More News

 

graphics

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Thursday, 25 February 2016 )