HashGenerator is a class used for creating hexadecimal hashes for multiple types of input data.
Supported input formats:
It supports any of the hash algorithms that are supported by the Java SE 8
MessageDigest.digest() class/method. See the MessageDigest section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.
NOTE: that the unit tests in this project DO NOT test the usage of the
MD2 digest algorithm as it has not been included in openssl since openssl-0.9.8m (2010-02-25), and is not in general use anymore.
The class is thread safe depending on how it is instantiated and/or called. Used in the following manner it is thread safe:
// Calling static methods String sha1Hash = HashGenerator.createHash("This is a test", "UTF-8", HashAlgorithm.SHA1SUM);
Used in the following manner thread safety must be taken into account by the calling code:
// Calling member methods on a HashGenerator Instances HashGenerator hashGenerator = new HashGenerator(HashAlgorithm.SHA1SUM); String sha1Hash = hashGenerator.createHash("This is a test", "UTF-8");
When the createHash methods are called on a HashGenerator instance, synchronization must be handled by the calling code or their must only be a single thread making calls into the HashGenerator instance.
The reason for this design is to enable the user to optimize for either “built-in” synchronization (usage of the static methods), or optimize for fewer Objects on the heap to be garbage collected.
In the case where there is a high rate and volume of calls to the
HashGenerator static methods, resulting in garbage collection causing performance issues, the programmer can opt to instantiate a
HashGenerator. Then calls to the instance can be limited to a single thread, or the calling code can wrap the
HashGenerator in synchronized methods.
To use the HashGenerator to hash passwords, use the methods
createHash(char, HashAlgorithm) as this enables the caller to wipe the character array input by overwriting every element in the array with
0x0 after creating a hash.
DO NOT USE String as input data for hashing passwords as String objects cannot be deterministically overwritten or garbage collected by the JVM.
To hash PINs or other sensitive numeric data use any of the methods which accept primitive types as input and make sure to use and pass in primitive types and not their corollary wrapper classes.