Password-Based Key Derivation

In this example, a 
String
 that represents the user’s password has been hardcoded at 
the top of 
EncryptedFileRepository.kt
: 
val passwordString = "Swordfish"
.
Find 
encrypt
 and add the code inside the empty 
try
 block, replacing the 
TODO
:
// 1
 
val
 random = SecureRandom() 
// 2
 
val
 salt = ByteArray(
256
) 
// 3
 
random.nextBytes(salt)
Here’s how it works:
1. Generate a random value using the 
SecureRandom
 class. This guarantees the 
output is difficult to predict as 
SecureRandom
 is a cryptograpically strong 
random number generator.
2. Create a 
ByteArray
 of 256 bytes to store the 
salt
.
3. Pass the salt to 
nextBytes
 which will fill the array with 256 random bytes.
Next, add the following code to the 
random.nextBytes
 call to 
salt
 the password.
// 4
 
val
 passwordChar = passwordString.toCharArray()  
// 5
 
val
 pbKeySpec = PBEKeySpec(passwordChar, salt, 
1324
, 
256
) 
//1324 
iterations
 
// 6
 
val
 secretKeyFactory = 
SecretKeyFactory.getInstance(
"PBKDF2WithHmacSHA1"
) 
// 7
 
val
 keyBytes = 
secretKeyFactory.generateSecret(pbKeySpec).encoded 
// 8
 
val
 keySpec = SecretKeySpec(keyBytes, 
"AES"
)
Here’s how it works:
4. Convert the password into a character array.
5. Pass the password in 
char[]
 form, along with the salt, to 
PBEKeySpec
, as well as 
the number of iterations, 
1324
, and the size of the key, 
256
. Increasing the 
number of iterations also increases the time it would take to operate on a set of 
keys during a brute-force attack.
Saving Data on Android
Chapter 1: Using Files
raywenderlich.com
33

6. Generate an instance of a 
SecretKeyFactory
 using 

Download 19,28 Mb.

Do'stlaringiz bilan baham: