No -- I've always been fortunate enough to have Bouncy Castle or similar 
packages available, and haven't had to implement it myself. I *have* 
implemented similar things in the distant past before we knew quite as much 
about the problems and solutions. I.e. with a salt, with an insecure hash 
function, without iteration. We're talking pre-RSA here. (I have an original 
copy of the original RSA paper, which I obtained prior to the NSA's attempt 
at getting it banned!).

My goal wasn't to explain how to code it, but rather how it works, so you 
understand, for example, the role of the salt (so you use a SecureRandom to 
generate it, not some constant!) and the role of the iteration count, so you 
know how to set that to something reasonable -- i.e., not "1" like on the 
Blackberry.

I highly recommend not coding it yourself, unless you're undertaking a 
serious study of cryptography. Otherwise, it's a waste of time and potential 
source of bugs, even though it's not all that complicated.

On Tuesday, May 10, 2011 9:00:58 PM UTC-7, Nikolay Elenkov wrote:
>
> On Wed, May 11, 2011 at 7:34 AM, Bob Kerns <r...@acm.org> wrote:
>
> > More precisely, you iterate this:
> > hash = f(hash)
> > where f is some function that is expensive, and does not collapse the space
> > of possible values into some smaller set. One way to accomplish this would
> > be:
> > f(hash) = hash <xor> sha1(hash).
> > I went with SHA1 above, because I want to tie this to PBKDF2, which Nikolay
> > referenced.
>
> Do you mean you implemented this yourself? Not that it's too hard to do, but
> Android has the Bouncy Castle JCE provider, so all you have to do is usually:
>
> SecretKeyFactory factory = SecretKeyFactory.getInstance(KEYGEN_ALGORITHM);
> KeySpec keySpec = new PBEKeySpec(password, salt, numIterations, keyLen);
> SecretKey key = factory.generateSecret(keySpec);
>
> where KEYGEN_ALGORITHM is a supported PBE algorithm.
>
>

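
The points this message makes about the salt and the iteration count, shown with the JCE calls from the quoted snippet. This is an added example, not code from either poster; the algorithm name PBKDF2WithHmacSHA1, the class name and the parameter values are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PbkdfSaltDemo {
    // Assumed values for illustration; raise ITERATIONS as far as the device tolerates.
    static final String ALGORITHM = "PBKDF2WithHmacSHA1";
    static final int ITERATIONS = 10000, SALT_BYTES = 16, KEY_BITS = 256;

    // A fresh random salt per password, stored next to the derived key (it is not secret).
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    static byte[] derive(char[] password, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    // Re-derive with the stored salt and iteration count; compare in constant time.
    static boolean verify(char[] candidate, byte[] salt, int iterations, byte[] expected)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(derive(candidate, salt, iterations), expected);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] password = "correct horse".toCharArray(); // constructed sample input
        byte[] saltA = newSalt(), saltB = newSalt();
        byte[] keyA = derive(password, saltA, ITERATIONS);
        byte[] keyB = derive(password, saltB, ITERATIONS);
        System.out.println("same password, two salts, same key? " + MessageDigest.isEqual(keyA, keyB));
        System.out.println("right password verifies? " + verify(password, saltA, ITERATIONS, keyA));
        System.out.println("wrong password verifies? " + verify("guess".toCharArray(), saltA, ITERATIONS, keyA));
        long t0 = System.nanoTime();
        derive(password, saltA, 1); // the iteration count the post warns against
        long t1 = System.nanoTime();
        derive(password, saltA, ITERATIONS);
        long t2 = System.nanoTime();
        System.out.printf("1 iteration: %d us; %d iterations: %d us%n", (t1 - t0) / 1000, ITERATIONS, (t2 - t1) / 1000);
    }
}
```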