In cryptography, a "salt" is an extra piece of data which is included when hashing a password. This makes rainbow-table attacks
more
difficult. Using a cryptographic hash function without an unpredictable salt increases the likelihood that an attacker could successfully find the
hash value in databases of precomputed hashes (called rainbow-tables
).
This rule raises an issue when a hashing function which has been specifically designed for hashing passwords, such as PBKDF2
, is used
with a non-random, reused or too short salt value. It does not raise an issue on base hashing algorithms such as sha1
or md5
as they should not be used to hash passwords.
Recommended Secure Coding Practices
- Use hashing functions generating their own secure salt or generate a secure random value of at least 16 bytes.
- The salt should be unique by user password.
Noncompliant Code Example
Below, the hashed password use a predictable salt:
byte[] salt = "notrandom".getBytes();
PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, 10000); // Noncompliant, predictable salt
PBEKeySpec spec = new PBEKeySpec(chars, salt, 10000, 256); // Noncompliant, predictable salt
Compliant Solution
Use java.security.SecureRandom
to generate an unpredictable salt:
SecureRandom random = new SecureRandom();
byte[] salt = new byte[16];
random.nextBytes(salt);
PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, 10000); // Compliant
PBEKeySpec spec = new PBEKeySpec(chars, salt, 10000, 256); // Compliant
See