Package org.apache.shiro.crypto.hash

Interface HashService

  • All Known Subinterfaces:
    ConfigurableHashService
    All Known Implementing Classes:
    DefaultHashService
    public interface HashService
    A HashService hashes input sources utilizing a particular hashing strategy.

    A HashService sits at a higher architectural level than Shiro's simple Hash classes: it allows for salting and iteration-related strategies to be configured and internalized in a single component that can be re-used in multiple places in the application.

    For example, for the most secure hashes, it is highly recommended to use a randomly generated salt, potentially paired with an configuration-specific private salt, in addition to using multiple hash iterations.

    While one can do this easily enough using Shiro's Hash implementations directly, this direct approach could quickly lead to copy-and-paste behavior. For example, consider this logic which might need to repeated in an application: 

     int numHashIterations = ...
 ByteSource privateSalt = ...
 ByteSource randomSalt = randomNumberGenerator.nextBytes();
 ByteSource combined = combine(privateSalt, randomSalt);
 Hash hash = Sha512Hash(source, combined, numHashIterations);
 save(hash);
    In this example, often only the input source will change during runtime, while the hashing strategy (how salts are generated or acquired, how many hash iterations will be performed, etc) usually remain consistent. A HashService internalizes this logic so the above becomes simply this: 
     HashRequest request = new HashRequest.Builder().source(source).build();
 Hash result = hashService.hash(request);
 save(result);
    Since:
    1.2

    • Method Detail

      • computeHash

        Hash computeHash​(HashRequest request)
        Computes a hash based on the given request.

        Salt Notice

        If a salt accompanies the return value (i.e. returnedHash.getSalt() != null), this same exact salt MUST be presented back to the HashService if hash comparison/verification will be performed at a later time (for example, for password hash or file checksum comparison).

        For additional security, the HashService's internal implementation may use more complex salting strategies than what would be achieved by computing a Hash manually.

        In summary, if a HashService returns a salt in a returned Hash, it is expected that the same salt will be provided to the same HashService instance.

        Parameters:
        request - the request to process
        Returns:
        the hashed data
        See Also:
        Hash.getSalt()