# Guardado de contraseñas

Hash + salt

In [7]:
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Locale;

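/**
 * Teaching example of salted password hashing with SHA-256.
 *
 * <p>Security caveat: a single round of SHA-256 is very fast, so a leaked
 * hash/salt pair can be guessed offline at high speed. The salt only stops
 * precomputed tables and makes identical passwords hash differently. For real
 * password storage use a deliberately slow, tunable key-derivation function
 * (for example PBKDF2 via {@code SecretKeyFactory}, or bcrypt, scrypt, Argon2).
 * The algorithm is kept as SHA-256 here so that the output format stays the
 * same as the one this example prints.
 */
public class PasswordHasher {

    /**
     * Generates a random salt from {@link SecureRandom}.
     *
     * @param length number of salt bytes to produce ({@code main} uses 16)
     * @return a new array of {@code length} random bytes
     */
    public static byte[] generateSalt(int length) {
        byte[] salt = new byte[length];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        return salt;
    }

    /**
     * Hashes {@code password || salt} with SHA-256 and returns it as lowercase hex.
     *
     * @param password the clear-text password
     * @param salt     the per-password salt, appended after the password bytes
     * @return 64 lowercase hexadecimal characters
     * @throws NoSuchAlgorithmException if the runtime has no SHA-256 provider
     */
    public static String hashPassword(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");

        // Encode explicitly as UTF-8: getBytes() without a charset uses the
        // platform default, so the same password could hash differently on
        // another machine and verification would fail.
        byte[] passwordBytes = password.getBytes(StandardCharsets.UTF_8);
        byte[] saltedPassword = new byte[passwordBytes.length + salt.length];

        System.arraycopy(passwordBytes, 0, saltedPassword, 0, passwordBytes.length);
        System.arraycopy(salt, 0, saltedPassword, passwordBytes.length, salt.length);

        byte[] digest;
        try {
            digest = sha256.digest(saltedPassword);
        } finally {
            // Do not leave clear-text password bytes in the temporary buffers.
            Arrays.fill(passwordBytes, (byte) 0);
            Arrays.fill(saltedPassword, (byte) 0);
        }

        // Two lowercase hex digits per byte, same text as "%02x" formatting.
        StringBuilder hexString = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hexString.append(Character.forDigit((b >> 4) & 0xF, 16));
            hexString.append(Character.forDigit(b & 0xF, 16));
        }
        return hexString.toString();
    }

    /**
     * Checks an entered password against a stored hash and salt.
     *
     * <p>The stored hash is matched case-insensitively, and the comparison uses
     * {@link MessageDigest#isEqual(byte[], byte[])} so that its duration does not
     * depend on how many leading characters match.
     *
     * @param enteredPassword the password supplied at login
     * @param storedHash      hex hash previously produced by {@link #hashPassword}
     * @param storedSalt      the salt stored with that hash
     * @return {@code true} if the entered password produces the stored hash;
     *         {@code false} otherwise, including when {@code storedHash} is null
     * @throws NoSuchAlgorithmException if the runtime has no SHA-256 provider
     */
    public static boolean verifyPassword(String enteredPassword, String storedHash, byte[] storedSalt) throws NoSuchAlgorithmException {
        String hashOfEnteredPassword = hashPassword(enteredPassword, storedSalt);
        if (storedHash == null) {
            return false;
        }
        byte[] actual = hashOfEnteredPassword.getBytes(StandardCharsets.UTF_8);
        // hashPassword always emits lowercase hex, so normalise the stored value.
        byte[] expected = storedHash.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(actual, expected);
    }

    /**
     * Demo: generates a salt, hashes a sample password and verifies it.
     * The salt and hash are printed for illustration only.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            // Generate a salt
            byte[] salt = generateSalt(16);
            System.out.println("Salt: " + Arrays.toString(salt));

            // Hash the password
            String password = "123abc.";
            String hashedPassword = hashPassword(password, salt);
            System.out.println("Hash de la contraseña: " + hashedPassword);
            // Same password and same salt, so verification is expected to succeed ("Igual").
            String password2 = "123abc.";
            System.out.println(PasswordHasher.verifyPassword(password2, hashedPassword, salt) ? "Igual" : "Diferente");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }
}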
// Notebook cell invocation of the demo; main never reads its argument, so null is passed.
PasswordHasher.main(null);

Salt: [52, 34, -82, -100, 59, -65, -49, -7, -99, 48, -76, 54, 60, 21, 6, -90]
Hash de la contraseña: 0304d6a7339ad24b61ff7267253c0ce2c07d91ad7df412a2c14b0fe3ee9a9f55
Diferente
