Improve crypto hashing APIs to add salt #1517

ldclakmal · 2021-06-22T06:25:54Z

Description:
The current hashing APIs of ballerina/crypto library does not support to add "salt".
Ex. crypto:hashSha256(password)

It would better to improve the existing APIs for the above use case.
Suggested API: public isolated function hashSha256(byte[] input, byte[] salt) returns byte[]

Java Implementation:

SecureRandom random = new SecureRandom();
byte[] salt = new byte[16];
random.nextBytes(salt);

byte[] password = "alice@123".getBytes();

MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(salt);
byte[] hashedPassword = md.digest(password);

With this approach, there can be another requirement for the use cases of secure random generators. Refer to the "Secure Random Number" section under "Crypto" tab of "[Research] Comparison on Ballerina Security Features / APIs" [1].

Also, there should be a hash verification API as well.

[1] https://docs.google.com/spreadsheets/d/1PyMAlAvgkEL0RpW8CVUj1ccW_61Vm6SMbvadFVYRpSA/edit?usp=sharing

The text was updated successfully, but these errors were encountered:

ldclakmal added Type/Improvement module/crypto Team/PCM Protocol connector packages related issues Area/Security Issues related to stdlib security labels Jun 22, 2021

ldclakmal self-assigned this Jul 6, 2021

ldclakmal mentioned this issue Jul 12, 2021

Improve hash APIs for cryptographic salt ballerina-platform/module-ballerina-crypto#228

Merged

3 tasks

ldclakmal added this to the Swan Lake Beta3 milestone Jul 15, 2021

ldclakmal closed this as completed in ballerina-platform/module-ballerina-crypto#228 Jul 22, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve crypto hashing APIs to add salt #1517

Improve crypto hashing APIs to add salt #1517

ldclakmal commented Jun 22, 2021

Improve crypto hashing APIs to add salt #1517

Improve crypto hashing APIs to add salt #1517

Comments

ldclakmal commented Jun 22, 2021