- Create an instance of SecretKeyFactory using the desired algorithm (see https://docs.oracle.com/javase/8/docs/api/index.html?javax/crypto/SecretKeyFactory.html) like the following:
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
Note: PBKDF2WithHmacSHA512 is the algorithm that constructs the secret key using the Password-Based Key Derivation Function.
- Combine the raw materials into an instance of PBEKeySpec using the following syntax:
PBEKeySpec spec = new PBEKeySpec( <PASSWORD>, <SALT>, <ITERATIONS>, <KEY_LENGTH> );

| Parameter | Description |
| --- | --- |
| <PASSWORD> | The raw password (as an array of chars). |
| <SALT> | A value (as an array of bytes) that is combined with the password. |
| <ITERATIONS> | The number of iterations used to encode the <PASSWORD> together with the <SALT>. The higher the number, the more costly each password guess becomes for an attacker (e.g. rainbow-table attacks). |
| <KEY_LENGTH> | The length of the key in bits. Normally you can find this value in the algorithm name (e.g. the 512 in PBKDF2WithHmacSHA512). |

- Create a SecretKey instance using the spec from step 2 using the following:
SecretKey key = skf.generateSecret(spec);
- Retrieve the encoded hash using the getEncoded() method of the SecretKey instance like the following:
byte[] encodedKey = key.getEncoded();
- Use a Base64 encoder to convert the encoded key to a string like the following:
String base64Str = Base64.getEncoder().encodeToString(encodedKey);
Example code
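```java
package xyz.ronella.crypto;

import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;

public class PasswordHashing {
    public static void main(String[] args) {
        try {
            // Step 1: factory for the PBKDF2 algorithm with HMAC-SHA512.
            SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
            // Step 2: password, salt, iterations, key length in bits.
            // Demo values only: real code should use a random salt per password.
            // An explicit charset keeps the salt bytes identical on every platform.
            PBEKeySpec spec = new PBEKeySpec("PASSWORD".toCharArray(),
                    "SALT".getBytes(StandardCharsets.UTF_8), 10000, 512);
            // Step 3: derive the key.
            SecretKey key = skf.generateSecret(spec);
            // Step 4: raw bytes of the derived hash.
            byte[] encodedKey = key.getEncoded();
            // Step 5: Base64 text form for storage or display.
            String base64Str = Base64.getEncoder().encodeToString(encodedKey);
            System.out.println(base64Str);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (InvalidKeySpecException e) {
            e.printStackTrace();
        }
    }
}
```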
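
The following added example, which is not from the original page, extends the steps above to a random salt per password and to verifying a login attempt against the stored value. The PasswordStore class name, the 16-byte salt length and the iterations:salt:hash record format are assumptions.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
// Added example, not from the original page; class name and record format are assumptions.
public class PasswordStore {
    private static final String ALGORITHM = "PBKDF2WithHmacSHA512"; // as on the page
    private static final int ITERATIONS = 10000; // value used on the page
    private static final int KEY_LENGTH = 512;   // bits, as on the page

    static byte[] derive(char[] pw, byte[] salt, int iter, int bits) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, bits);
        try {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    // Returns "iterations:base64(salt):base64(hash)" so verify() can replay the same parameters.
    public static String hash(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16]; // assumption: 128-bit salt
        new SecureRandom().nextBytes(salt); // fresh random salt for every password
        byte[] hash = derive(password, salt, ITERATIONS, KEY_LENGTH);
        Base64.Encoder enc = Base64.getEncoder();
        return ITERATIONS + ":" + enc.encodeToString(salt) + ":" + enc.encodeToString(hash);
    }

    public static boolean verify(char[] candidate, String stored) throws GeneralSecurityException {
        String[] parts = stored.split(":");
        if (parts.length != 3) return false; // malformed record
        try {
            byte[] salt = Base64.getDecoder().decode(parts[1]);
            byte[] expected = Base64.getDecoder().decode(parts[2]);
            byte[] actual = derive(candidate, salt, Integer.parseInt(parts[0]), expected.length * 8);
            return MessageDigest.isEqual(expected, actual); // comparison time does not depend on content
        } catch (IllegalArgumentException e) {
            return false; // bad Base64, non-numeric or non-positive iterations, empty salt or hash
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String record = hash("PASSWORD".toCharArray()); // constructed sample password
        System.out.println(record);
        System.out.println(verify("PASSWORD".toCharArray(), record));
        System.out.println(verify("password".toCharArray(), record));
    }
}
```

Because the salt and iteration count travel with each record, the iteration count can be raised later without invalidating hashes that were stored earlier.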
