commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ggreg...@apache.org
Subject svn commit: r891687 [11/12] - in /websites/production/commons/content/proper/commons-codec: ./ apidocs/ apidocs/org/apache/commons/codec/ apidocs/org/apache/commons/codec/binary/ apidocs/org/apache/commons/codec/binary/class-use/ apidocs/org/apache/com...
Date Tue, 24 Dec 2013 20:40:32 GMT
Modified: websites/production/commons/content/proper/commons-codec/xref/org/apache/commons/codec/digest/Sha2Crypt.html
==============================================================================
--- websites/production/commons/content/proper/commons-codec/xref/org/apache/commons/codec/digest/Sha2Crypt.html (original)
+++ websites/production/commons/content/proper/commons-codec/xref/org/apache/commons/codec/digest/Sha2Crypt.html Tue Dec 24 20:40:26 2013
@@ -44,8 +44,8 @@
 <a class="jxr_linenumber" name="34" href="#34">34</a>  <em class="jxr_javadoccomment"> * into the Public Domain.</em>
 <a class="jxr_linenumber" name="35" href="#35">35</a>  <em class="jxr_javadoccomment"> * &lt;p&gt;</em>
 <a class="jxr_linenumber" name="36" href="#36">36</a>  <em class="jxr_javadoccomment"> * This class is immutable and thread-safe.</em>
-<a class="jxr_linenumber" name="37" href="#37">37</a>  <em class="jxr_javadoccomment"> *</em>
-<a class="jxr_linenumber" name="38" href="#38">38</a>  <em class="jxr_javadoccomment"> * @version $Id: Sha2Crypt.java 1435550 2013-01-19 14:09:52Z tn $</em>
+<a class="jxr_linenumber" name="37" href="#37">37</a>  <em class="jxr_javadoccomment"> * </em>
+<a class="jxr_linenumber" name="38" href="#38">38</a>  <em class="jxr_javadoccomment"> * @version $Id: Sha2Crypt.java 1552696 2013-12-20 15:01:34Z ggregory $</em>
 <a class="jxr_linenumber" name="39" href="#39">39</a>  <em class="jxr_javadoccomment"> * @since 1.7</em>
 <a class="jxr_linenumber" name="40" href="#40">40</a>  <em class="jxr_javadoccomment"> */</em>
 <a class="jxr_linenumber" name="41" href="#41">41</a>  <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../../org/apache/commons/codec/digest/Sha2Crypt.html">Sha2Crypt</a> {
@@ -82,461 +82,477 @@
 <a class="jxr_linenumber" name="72" href="#72">72</a>  <em class="jxr_javadoccomment">     * Generates a libc crypt() compatible "$5$" hash value with random salt.</em>
 <a class="jxr_linenumber" name="73" href="#73">73</a>  <em class="jxr_javadoccomment">     * &lt;p&gt;</em>
 <a class="jxr_linenumber" name="74" href="#74">74</a>  <em class="jxr_javadoccomment">     * See {@link Crypt#crypt(String, String)} for details.</em>
-<a class="jxr_linenumber" name="75" href="#75">75</a>  <em class="jxr_javadoccomment">     *</em>
-<a class="jxr_linenumber" name="76" href="#76">76</a>  <em class="jxr_javadoccomment">     * @throws RuntimeException</em>
-<a class="jxr_linenumber" name="77" href="#77">77</a>  <em class="jxr_javadoccomment">     *             when a {@link java.security.NoSuchAlgorithmException} is caught.</em>
-<a class="jxr_linenumber" name="78" href="#78">78</a>  <em class="jxr_javadoccomment">     */</em>
-<a class="jxr_linenumber" name="79" href="#79">79</a>      <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> String sha256Crypt(<strong class="jxr_keyword">final</strong> byte[] keyBytes) {
-<a class="jxr_linenumber" name="80" href="#80">80</a>          <strong class="jxr_keyword">return</strong> sha256Crypt(keyBytes, <strong class="jxr_keyword">null</strong>);
-<a class="jxr_linenumber" name="81" href="#81">81</a>      }
-<a class="jxr_linenumber" name="82" href="#82">82</a>  
-<a class="jxr_linenumber" name="83" href="#83">83</a>      <em class="jxr_javadoccomment">/**</em>
-<a class="jxr_linenumber" name="84" href="#84">84</a>  <em class="jxr_javadoccomment">     * Generates a libc6 crypt() compatible "$5$" hash value.</em>
-<a class="jxr_linenumber" name="85" href="#85">85</a>  <em class="jxr_javadoccomment">     * &lt;p&gt;</em>
-<a class="jxr_linenumber" name="86" href="#86">86</a>  <em class="jxr_javadoccomment">     * See {@link Crypt#crypt(String, String)} for details.</em>
-<a class="jxr_linenumber" name="87" href="#87">87</a>  <em class="jxr_javadoccomment">     *</em>
-<a class="jxr_linenumber" name="88" href="#88">88</a>  <em class="jxr_javadoccomment">     * @throws IllegalArgumentException</em>
-<a class="jxr_linenumber" name="89" href="#89">89</a>  <em class="jxr_javadoccomment">     *             if the salt does not match the allowed pattern</em>
-<a class="jxr_linenumber" name="90" href="#90">90</a>  <em class="jxr_javadoccomment">     * @throws RuntimeException</em>
-<a class="jxr_linenumber" name="91" href="#91">91</a>  <em class="jxr_javadoccomment">     *             when a {@link java.security.NoSuchAlgorithmException} is caught.</em>
-<a class="jxr_linenumber" name="92" href="#92">92</a>  <em class="jxr_javadoccomment">     */</em>
-<a class="jxr_linenumber" name="93" href="#93">93</a>      <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> String sha256Crypt(<strong class="jxr_keyword">final</strong> byte[] keyBytes, String salt) {
-<a class="jxr_linenumber" name="94" href="#94">94</a>          <strong class="jxr_keyword">if</strong> (salt == <strong class="jxr_keyword">null</strong>) {
-<a class="jxr_linenumber" name="95" href="#95">95</a>              salt = SHA256_PREFIX + B64.getRandomSalt(8);
-<a class="jxr_linenumber" name="96" href="#96">96</a>          }
-<a class="jxr_linenumber" name="97" href="#97">97</a>          <strong class="jxr_keyword">return</strong> sha2Crypt(keyBytes, salt, SHA256_PREFIX, SHA256_BLOCKSIZE, MessageDigestAlgorithms.SHA_256);
-<a class="jxr_linenumber" name="98" href="#98">98</a>      }
-<a class="jxr_linenumber" name="99" href="#99">99</a>  
-<a class="jxr_linenumber" name="100" href="#100">100</a>     <em class="jxr_javadoccomment">/**</em>
-<a class="jxr_linenumber" name="101" href="#101">101</a> <em class="jxr_javadoccomment">     * Generates a libc6 crypt() compatible "$5$" or "$6$" SHA2 based hash value.</em>
-<a class="jxr_linenumber" name="102" href="#102">102</a> <em class="jxr_javadoccomment">     * &lt;p&gt;</em>
-<a class="jxr_linenumber" name="103" href="#103">103</a> <em class="jxr_javadoccomment">     * This is a nearly line by line conversion of the original C function. The numbered comments are from the</em>
-<a class="jxr_linenumber" name="104" href="#104">104</a> <em class="jxr_javadoccomment">     * algorithm description, the short C-style ones from the original C code and the ones with "Remark" from me.</em>
-<a class="jxr_linenumber" name="105" href="#105">105</a> <em class="jxr_javadoccomment">     * &lt;p&gt;</em>
-<a class="jxr_linenumber" name="106" href="#106">106</a> <em class="jxr_javadoccomment">     * See {@link Crypt#crypt(String, String)} for details.</em>
-<a class="jxr_linenumber" name="107" href="#107">107</a> <em class="jxr_javadoccomment">     *</em>
-<a class="jxr_linenumber" name="108" href="#108">108</a> <em class="jxr_javadoccomment">     * @param keyBytes</em>
-<a class="jxr_linenumber" name="109" href="#109">109</a> <em class="jxr_javadoccomment">     *            plaintext that should be hashed</em>
-<a class="jxr_linenumber" name="110" href="#110">110</a> <em class="jxr_javadoccomment">     * @param salt</em>
-<a class="jxr_linenumber" name="111" href="#111">111</a> <em class="jxr_javadoccomment">     *            real salt value without prefix or "rounds="</em>
-<a class="jxr_linenumber" name="112" href="#112">112</a> <em class="jxr_javadoccomment">     * @param saltPrefix</em>
-<a class="jxr_linenumber" name="113" href="#113">113</a> <em class="jxr_javadoccomment">     *            either $5$ or $6$</em>
-<a class="jxr_linenumber" name="114" href="#114">114</a> <em class="jxr_javadoccomment">     * @param blocksize</em>
-<a class="jxr_linenumber" name="115" href="#115">115</a> <em class="jxr_javadoccomment">     *            a value that differs between $5$ and $6$</em>
-<a class="jxr_linenumber" name="116" href="#116">116</a> <em class="jxr_javadoccomment">     * @param algorithm</em>
-<a class="jxr_linenumber" name="117" href="#117">117</a> <em class="jxr_javadoccomment">     *            {@link MessageDigest} algorithm identifier string</em>
-<a class="jxr_linenumber" name="118" href="#118">118</a> <em class="jxr_javadoccomment">     * @return complete hash value including prefix and salt</em>
-<a class="jxr_linenumber" name="119" href="#119">119</a> <em class="jxr_javadoccomment">     * @throws IllegalArgumentException</em>
-<a class="jxr_linenumber" name="120" href="#120">120</a> <em class="jxr_javadoccomment">     *             if the given salt is {@code null} or does not match the allowed pattern</em>
-<a class="jxr_linenumber" name="121" href="#121">121</a> <em class="jxr_javadoccomment">     * @throws IllegalArgumentException</em>
-<a class="jxr_linenumber" name="122" href="#122">122</a> <em class="jxr_javadoccomment">     *             when a {@link NoSuchAlgorithmException} is caught</em>
-<a class="jxr_linenumber" name="123" href="#123">123</a> <em class="jxr_javadoccomment">     * @see MessageDigestAlgorithms</em>
-<a class="jxr_linenumber" name="124" href="#124">124</a> <em class="jxr_javadoccomment">     */</em>
-<a class="jxr_linenumber" name="125" href="#125">125</a>     <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> String sha2Crypt(<strong class="jxr_keyword">final</strong> byte[] keyBytes, <strong class="jxr_keyword">final</strong> String salt, <strong class="jxr_keyword">final</strong> String saltPrefix,
-<a class="jxr_linenumber" name="126" href="#126">126</a>                                     <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> blocksize, <strong class="jxr_keyword">final</strong> String algorithm) {
-<a class="jxr_linenumber" name="127" href="#127">127</a> 
-<a class="jxr_linenumber" name="128" href="#128">128</a>         <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> keyLen = keyBytes.length;
-<a class="jxr_linenumber" name="129" href="#129">129</a> 
-<a class="jxr_linenumber" name="130" href="#130">130</a>         <em class="jxr_comment">// Extracts effective salt and the number of rounds from the given salt.</em>
-<a class="jxr_linenumber" name="131" href="#131">131</a>         <strong class="jxr_keyword">int</strong> rounds = ROUNDS_DEFAULT;
-<a class="jxr_linenumber" name="132" href="#132">132</a>         <strong class="jxr_keyword">boolean</strong> roundsCustom = false;
-<a class="jxr_linenumber" name="133" href="#133">133</a>         <strong class="jxr_keyword">if</strong> (salt == <strong class="jxr_keyword">null</strong>) {
-<a class="jxr_linenumber" name="134" href="#134">134</a>             <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalArgumentException(<span class="jxr_string">"Salt must not be null"</span>);
-<a class="jxr_linenumber" name="135" href="#135">135</a>         }
-<a class="jxr_linenumber" name="136" href="#136">136</a> 
-<a class="jxr_linenumber" name="137" href="#137">137</a>         <strong class="jxr_keyword">final</strong> Matcher m = SALT_PATTERN.matcher(salt);
-<a class="jxr_linenumber" name="138" href="#138">138</a>         <strong class="jxr_keyword">if</strong> (m == <strong class="jxr_keyword">null</strong> || !m.find()) {
-<a class="jxr_linenumber" name="139" href="#139">139</a>             <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalArgumentException(<span class="jxr_string">"Invalid salt value: "</span> + salt);
-<a class="jxr_linenumber" name="140" href="#140">140</a>         }
-<a class="jxr_linenumber" name="141" href="#141">141</a>         <strong class="jxr_keyword">if</strong> (m.group(3) != <strong class="jxr_keyword">null</strong>) {
-<a class="jxr_linenumber" name="142" href="#142">142</a>             rounds = Integer.parseInt(m.group(3));
-<a class="jxr_linenumber" name="143" href="#143">143</a>             rounds = Math.max(ROUNDS_MIN, Math.min(ROUNDS_MAX, rounds));
-<a class="jxr_linenumber" name="144" href="#144">144</a>             roundsCustom = <strong class="jxr_keyword">true</strong>;
-<a class="jxr_linenumber" name="145" href="#145">145</a>         }
-<a class="jxr_linenumber" name="146" href="#146">146</a>         <strong class="jxr_keyword">final</strong> String saltString = m.group(4);
-<a class="jxr_linenumber" name="147" href="#147">147</a>         <strong class="jxr_keyword">final</strong> byte[] saltBytes = saltString.getBytes(Charsets.UTF_8);
-<a class="jxr_linenumber" name="148" href="#148">148</a>         <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> saltLen = saltBytes.length;
-<a class="jxr_linenumber" name="149" href="#149">149</a> 
-<a class="jxr_linenumber" name="150" href="#150">150</a>         <em class="jxr_comment">// 1. start digest A</em>
-<a class="jxr_linenumber" name="151" href="#151">151</a>         <em class="jxr_comment">// Prepare for the real work.</em>
-<a class="jxr_linenumber" name="152" href="#152">152</a>         MessageDigest ctx = DigestUtils.getDigest(algorithm);
-<a class="jxr_linenumber" name="153" href="#153">153</a> 
-<a class="jxr_linenumber" name="154" href="#154">154</a>         <em class="jxr_comment">// 2. the password string is added to digest A</em>
-<a class="jxr_linenumber" name="155" href="#155">155</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="156" href="#156">156</a> <em class="jxr_comment">         * Add the key string.</em>
-<a class="jxr_linenumber" name="157" href="#157">157</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="158" href="#158">158</a>         ctx.update(keyBytes);
-<a class="jxr_linenumber" name="159" href="#159">159</a> 
-<a class="jxr_linenumber" name="160" href="#160">160</a>         <em class="jxr_comment">// 3. the salt string is added to digest A. This is just the salt string</em>
-<a class="jxr_linenumber" name="161" href="#161">161</a>         <em class="jxr_comment">// itself without the enclosing '$', without the magic salt_prefix $5$ and</em>
-<a class="jxr_linenumber" name="162" href="#162">162</a>         <em class="jxr_comment">// $6$ respectively and without the rounds=&lt;N&gt; specification.</em>
-<a class="jxr_linenumber" name="163" href="#163">163</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="164" href="#164">164</a>         <em class="jxr_comment">// NB: the MD5 algorithm did add the $1$ salt_prefix. This is not deemed</em>
-<a class="jxr_linenumber" name="165" href="#165">165</a>         <em class="jxr_comment">// necessary since it is a constant string and does not add security</em>
-<a class="jxr_linenumber" name="166" href="#166">166</a>         <em class="jxr_comment">// and /possibly/ allows a plain text attack. Since the rounds=&lt;N&gt;</em>
-<a class="jxr_linenumber" name="167" href="#167">167</a>         <em class="jxr_comment">// specification should never be added this would also create an</em>
-<a class="jxr_linenumber" name="168" href="#168">168</a>         <em class="jxr_comment">// inconsistency.</em>
-<a class="jxr_linenumber" name="169" href="#169">169</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="170" href="#170">170</a> <em class="jxr_comment">         * The last part is the salt string. This must be at most 16 characters and it ends at the first `$' character</em>
-<a class="jxr_linenumber" name="171" href="#171">171</a> <em class="jxr_comment">         * (for compatibility with existing implementations).</em>
-<a class="jxr_linenumber" name="172" href="#172">172</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="173" href="#173">173</a>         ctx.update(saltBytes);
-<a class="jxr_linenumber" name="174" href="#174">174</a> 
-<a class="jxr_linenumber" name="175" href="#175">175</a>         <em class="jxr_comment">// 4. start digest B</em>
-<a class="jxr_linenumber" name="176" href="#176">176</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="177" href="#177">177</a> <em class="jxr_comment">         * Compute alternate sha512 sum with input KEY, SALT, and KEY. The final result will be added to the first</em>
-<a class="jxr_linenumber" name="178" href="#178">178</a> <em class="jxr_comment">         * context.</em>
-<a class="jxr_linenumber" name="179" href="#179">179</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="180" href="#180">180</a>         MessageDigest altCtx = DigestUtils.getDigest(algorithm);
-<a class="jxr_linenumber" name="181" href="#181">181</a> 
-<a class="jxr_linenumber" name="182" href="#182">182</a>         <em class="jxr_comment">// 5. add the password to digest B</em>
-<a class="jxr_linenumber" name="183" href="#183">183</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="184" href="#184">184</a> <em class="jxr_comment">         * Add key.</em>
-<a class="jxr_linenumber" name="185" href="#185">185</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="186" href="#186">186</a>         altCtx.update(keyBytes);
-<a class="jxr_linenumber" name="187" href="#187">187</a> 
-<a class="jxr_linenumber" name="188" href="#188">188</a>         <em class="jxr_comment">// 6. add the salt string to digest B</em>
-<a class="jxr_linenumber" name="189" href="#189">189</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="190" href="#190">190</a> <em class="jxr_comment">         * Add salt.</em>
-<a class="jxr_linenumber" name="191" href="#191">191</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="192" href="#192">192</a>         altCtx.update(saltBytes);
-<a class="jxr_linenumber" name="193" href="#193">193</a> 
-<a class="jxr_linenumber" name="194" href="#194">194</a>         <em class="jxr_comment">// 7. add the password again to digest B</em>
-<a class="jxr_linenumber" name="195" href="#195">195</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="196" href="#196">196</a> <em class="jxr_comment">         * Add key again.</em>
-<a class="jxr_linenumber" name="197" href="#197">197</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="198" href="#198">198</a>         altCtx.update(keyBytes);
-<a class="jxr_linenumber" name="199" href="#199">199</a> 
-<a class="jxr_linenumber" name="200" href="#200">200</a>         <em class="jxr_comment">// 8. finish digest B</em>
-<a class="jxr_linenumber" name="201" href="#201">201</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="202" href="#202">202</a> <em class="jxr_comment">         * Now get result of this (32 bytes) and add it to the other context.</em>
-<a class="jxr_linenumber" name="203" href="#203">203</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="204" href="#204">204</a>         byte[] altResult = altCtx.digest();
-<a class="jxr_linenumber" name="205" href="#205">205</a> 
-<a class="jxr_linenumber" name="206" href="#206">206</a>         <em class="jxr_comment">// 9. For each block of 32 or 64 bytes in the password string (excluding</em>
-<a class="jxr_linenumber" name="207" href="#207">207</a>         <em class="jxr_comment">// the terminating NUL in the C representation), add digest B to digest A</em>
-<a class="jxr_linenumber" name="208" href="#208">208</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="209" href="#209">209</a> <em class="jxr_comment">         * Add for any character in the key one byte of the alternate sum.</em>
-<a class="jxr_linenumber" name="210" href="#210">210</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="211" href="#211">211</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="212" href="#212">212</a> <em class="jxr_comment">         * (Remark: the C code comment seems wrong for key length &gt; 32!)</em>
-<a class="jxr_linenumber" name="213" href="#213">213</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="214" href="#214">214</a>         <strong class="jxr_keyword">int</strong> cnt = keyBytes.length;
-<a class="jxr_linenumber" name="215" href="#215">215</a>         <strong class="jxr_keyword">while</strong> (cnt &gt; blocksize) {
-<a class="jxr_linenumber" name="216" href="#216">216</a>             ctx.update(altResult, 0, blocksize);
-<a class="jxr_linenumber" name="217" href="#217">217</a>             cnt -= blocksize;
-<a class="jxr_linenumber" name="218" href="#218">218</a>         }
-<a class="jxr_linenumber" name="219" href="#219">219</a> 
-<a class="jxr_linenumber" name="220" href="#220">220</a>         <em class="jxr_comment">// 10. For the remaining N bytes of the password string add the first</em>
-<a class="jxr_linenumber" name="221" href="#221">221</a>         <em class="jxr_comment">// N bytes of digest B to digest A</em>
-<a class="jxr_linenumber" name="222" href="#222">222</a>         ctx.update(altResult, 0, cnt);
-<a class="jxr_linenumber" name="223" href="#223">223</a> 
-<a class="jxr_linenumber" name="224" href="#224">224</a>         <em class="jxr_comment">// 11. For each bit of the binary representation of the length of the</em>
-<a class="jxr_linenumber" name="225" href="#225">225</a>         <em class="jxr_comment">// password string up to and including the highest 1-digit, starting</em>
-<a class="jxr_linenumber" name="226" href="#226">226</a>         <em class="jxr_comment">// from to lowest bit position (numeric value 1):</em>
-<a class="jxr_linenumber" name="227" href="#227">227</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="228" href="#228">228</a>         <em class="jxr_comment">// a) for a 1-digit add digest B to digest A</em>
-<a class="jxr_linenumber" name="229" href="#229">229</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="230" href="#230">230</a>         <em class="jxr_comment">// b) for a 0-digit add the password string</em>
-<a class="jxr_linenumber" name="231" href="#231">231</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="232" href="#232">232</a>         <em class="jxr_comment">// NB: this step differs significantly from the MD5 algorithm. It</em>
-<a class="jxr_linenumber" name="233" href="#233">233</a>         <em class="jxr_comment">// adds more randomness.</em>
-<a class="jxr_linenumber" name="234" href="#234">234</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="235" href="#235">235</a> <em class="jxr_comment">         * Take the binary representation of the length of the key and for every 1 add the alternate sum, for every 0</em>
-<a class="jxr_linenumber" name="236" href="#236">236</a> <em class="jxr_comment">         * the key.</em>
-<a class="jxr_linenumber" name="237" href="#237">237</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="238" href="#238">238</a>         cnt = keyBytes.length;
-<a class="jxr_linenumber" name="239" href="#239">239</a>         <strong class="jxr_keyword">while</strong> (cnt &gt; 0) {
-<a class="jxr_linenumber" name="240" href="#240">240</a>             <strong class="jxr_keyword">if</strong> ((cnt &amp; 1) != 0) {
-<a class="jxr_linenumber" name="241" href="#241">241</a>                 ctx.update(altResult, 0, blocksize);
-<a class="jxr_linenumber" name="242" href="#242">242</a>             } <strong class="jxr_keyword">else</strong> {
-<a class="jxr_linenumber" name="243" href="#243">243</a>                 ctx.update(keyBytes);
-<a class="jxr_linenumber" name="244" href="#244">244</a>             }
-<a class="jxr_linenumber" name="245" href="#245">245</a>             cnt &gt;&gt;= 1;
-<a class="jxr_linenumber" name="246" href="#246">246</a>         }
-<a class="jxr_linenumber" name="247" href="#247">247</a> 
-<a class="jxr_linenumber" name="248" href="#248">248</a>         <em class="jxr_comment">// 12. finish digest A</em>
-<a class="jxr_linenumber" name="249" href="#249">249</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="250" href="#250">250</a> <em class="jxr_comment">         * Create intermediate result.</em>
-<a class="jxr_linenumber" name="251" href="#251">251</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="252" href="#252">252</a>         altResult = ctx.digest();
-<a class="jxr_linenumber" name="253" href="#253">253</a> 
-<a class="jxr_linenumber" name="254" href="#254">254</a>         <em class="jxr_comment">// 13. start digest DP</em>
-<a class="jxr_linenumber" name="255" href="#255">255</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="256" href="#256">256</a> <em class="jxr_comment">         * Start computation of P byte sequence.</em>
-<a class="jxr_linenumber" name="257" href="#257">257</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="258" href="#258">258</a>         altCtx = DigestUtils.getDigest(algorithm);
-<a class="jxr_linenumber" name="259" href="#259">259</a> 
-<a class="jxr_linenumber" name="260" href="#260">260</a>         <em class="jxr_comment">// 14. for every byte in the password (excluding the terminating NUL byte</em>
-<a class="jxr_linenumber" name="261" href="#261">261</a>         <em class="jxr_comment">// in the C representation of the string)</em>
-<a class="jxr_linenumber" name="262" href="#262">262</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="263" href="#263">263</a>         <em class="jxr_comment">// add the password to digest DP</em>
-<a class="jxr_linenumber" name="264" href="#264">264</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="265" href="#265">265</a> <em class="jxr_comment">         * For every character in the password add the entire password.</em>
-<a class="jxr_linenumber" name="266" href="#266">266</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="267" href="#267">267</a>         <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 1; i &lt;= keyLen; i++) {
-<a class="jxr_linenumber" name="268" href="#268">268</a>             altCtx.update(keyBytes);
-<a class="jxr_linenumber" name="269" href="#269">269</a>         }
-<a class="jxr_linenumber" name="270" href="#270">270</a> 
-<a class="jxr_linenumber" name="271" href="#271">271</a>         <em class="jxr_comment">// 15. finish digest DP</em>
+<a class="jxr_linenumber" name="75" href="#75">75</a>  <em class="jxr_javadoccomment">     * </em>
+<a class="jxr_linenumber" name="76" href="#76">76</a>  <em class="jxr_javadoccomment">     * @param keyBytes</em>
+<a class="jxr_linenumber" name="77" href="#77">77</a>  <em class="jxr_javadoccomment">     *            plaintext to hash</em>
+<a class="jxr_linenumber" name="78" href="#78">78</a>  <em class="jxr_javadoccomment">     * @return complete hash value</em>
+<a class="jxr_linenumber" name="79" href="#79">79</a>  <em class="jxr_javadoccomment">     * @throws RuntimeException</em>
+<a class="jxr_linenumber" name="80" href="#80">80</a>  <em class="jxr_javadoccomment">     *             when a {@link java.security.NoSuchAlgorithmException} is caught.</em>
+<a class="jxr_linenumber" name="81" href="#81">81</a>  <em class="jxr_javadoccomment">     */</em>
+<a class="jxr_linenumber" name="82" href="#82">82</a>      <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> String sha256Crypt(<strong class="jxr_keyword">final</strong> byte[] keyBytes) {
+<a class="jxr_linenumber" name="83" href="#83">83</a>          <strong class="jxr_keyword">return</strong> sha256Crypt(keyBytes, <strong class="jxr_keyword">null</strong>);
+<a class="jxr_linenumber" name="84" href="#84">84</a>      }
+<a class="jxr_linenumber" name="85" href="#85">85</a>  
+<a class="jxr_linenumber" name="86" href="#86">86</a>      <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="87" href="#87">87</a>  <em class="jxr_javadoccomment">     * Generates a libc6 crypt() compatible "$5$" hash value.</em>
+<a class="jxr_linenumber" name="88" href="#88">88</a>  <em class="jxr_javadoccomment">     * &lt;p&gt;</em>
+<a class="jxr_linenumber" name="89" href="#89">89</a>  <em class="jxr_javadoccomment">     * See {@link Crypt#crypt(String, String)} for details.</em>
+<a class="jxr_linenumber" name="90" href="#90">90</a>  <em class="jxr_javadoccomment">     * </em>
+<a class="jxr_linenumber" name="91" href="#91">91</a>  <em class="jxr_javadoccomment">     * @param keyBytes</em>
+<a class="jxr_linenumber" name="92" href="#92">92</a>  <em class="jxr_javadoccomment">     *            plaintext to hash</em>
+<a class="jxr_linenumber" name="93" href="#93">93</a>  <em class="jxr_javadoccomment">     * @param salt</em>
+<a class="jxr_linenumber" name="94" href="#94">94</a>  <em class="jxr_javadoccomment">     *            real salt value without prefix or "rounds="</em>
+<a class="jxr_linenumber" name="95" href="#95">95</a>  <em class="jxr_javadoccomment">     * @return complete hash value including salt</em>
+<a class="jxr_linenumber" name="96" href="#96">96</a>  <em class="jxr_javadoccomment">     * @throws IllegalArgumentException</em>
+<a class="jxr_linenumber" name="97" href="#97">97</a>  <em class="jxr_javadoccomment">     *             if the salt does not match the allowed pattern</em>
+<a class="jxr_linenumber" name="98" href="#98">98</a>  <em class="jxr_javadoccomment">     * @throws RuntimeException</em>
+<a class="jxr_linenumber" name="99" href="#99">99</a>  <em class="jxr_javadoccomment">     *             when a {@link java.security.NoSuchAlgorithmException} is caught.</em>
+<a class="jxr_linenumber" name="100" href="#100">100</a> <em class="jxr_javadoccomment">     */</em>
+<a class="jxr_linenumber" name="101" href="#101">101</a>     <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> String sha256Crypt(<strong class="jxr_keyword">final</strong> byte[] keyBytes, String salt) {
+<a class="jxr_linenumber" name="102" href="#102">102</a>         <strong class="jxr_keyword">if</strong> (salt == <strong class="jxr_keyword">null</strong>) {
+<a class="jxr_linenumber" name="103" href="#103">103</a>             salt = SHA256_PREFIX + B64.getRandomSalt(8);
+<a class="jxr_linenumber" name="104" href="#104">104</a>         }
+<a class="jxr_linenumber" name="105" href="#105">105</a>         <strong class="jxr_keyword">return</strong> sha2Crypt(keyBytes, salt, SHA256_PREFIX, SHA256_BLOCKSIZE, MessageDigestAlgorithms.SHA_256);
+<a class="jxr_linenumber" name="106" href="#106">106</a>     }
+<a class="jxr_linenumber" name="107" href="#107">107</a> 
+<a class="jxr_linenumber" name="108" href="#108">108</a>     <em class="jxr_javadoccomment">/**</em>
+<a class="jxr_linenumber" name="109" href="#109">109</a> <em class="jxr_javadoccomment">     * Generates a libc6 crypt() compatible "$5$" or "$6$" SHA2 based hash value.</em>
+<a class="jxr_linenumber" name="110" href="#110">110</a> <em class="jxr_javadoccomment">     * &lt;p&gt;</em>
+<a class="jxr_linenumber" name="111" href="#111">111</a> <em class="jxr_javadoccomment">     * This is a nearly line by line conversion of the original C function. The numbered comments are from the algorithm</em>
+<a class="jxr_linenumber" name="112" href="#112">112</a> <em class="jxr_javadoccomment">     * description, the short C-style ones from the original C code and the ones with "Remark" from me.</em>
+<a class="jxr_linenumber" name="113" href="#113">113</a> <em class="jxr_javadoccomment">     * &lt;p&gt;</em>
+<a class="jxr_linenumber" name="114" href="#114">114</a> <em class="jxr_javadoccomment">     * See {@link Crypt#crypt(String, String)} for details.</em>
+<a class="jxr_linenumber" name="115" href="#115">115</a> <em class="jxr_javadoccomment">     * </em>
+<a class="jxr_linenumber" name="116" href="#116">116</a> <em class="jxr_javadoccomment">     * @param keyBytes</em>
+<a class="jxr_linenumber" name="117" href="#117">117</a> <em class="jxr_javadoccomment">     *            plaintext to hash</em>
+<a class="jxr_linenumber" name="118" href="#118">118</a> <em class="jxr_javadoccomment">     * @param salt</em>
+<a class="jxr_linenumber" name="119" href="#119">119</a> <em class="jxr_javadoccomment">     *            real salt value without prefix or "rounds="</em>
+<a class="jxr_linenumber" name="120" href="#120">120</a> <em class="jxr_javadoccomment">     * @param saltPrefix</em>
+<a class="jxr_linenumber" name="121" href="#121">121</a> <em class="jxr_javadoccomment">     *            either $5$ or $6$</em>
+<a class="jxr_linenumber" name="122" href="#122">122</a> <em class="jxr_javadoccomment">     * @param blocksize</em>
+<a class="jxr_linenumber" name="123" href="#123">123</a> <em class="jxr_javadoccomment">     *            a value that differs between $5$ and $6$</em>
+<a class="jxr_linenumber" name="124" href="#124">124</a> <em class="jxr_javadoccomment">     * @param algorithm</em>
+<a class="jxr_linenumber" name="125" href="#125">125</a> <em class="jxr_javadoccomment">     *            {@link MessageDigest} algorithm identifier string</em>
+<a class="jxr_linenumber" name="126" href="#126">126</a> <em class="jxr_javadoccomment">     * @return complete hash value including prefix and salt</em>
+<a class="jxr_linenumber" name="127" href="#127">127</a> <em class="jxr_javadoccomment">     * @throws IllegalArgumentException</em>
+<a class="jxr_linenumber" name="128" href="#128">128</a> <em class="jxr_javadoccomment">     *             if the given salt is {@code null} or does not match the allowed pattern</em>
+<a class="jxr_linenumber" name="129" href="#129">129</a> <em class="jxr_javadoccomment">     * @throws IllegalArgumentException</em>
+<a class="jxr_linenumber" name="130" href="#130">130</a> <em class="jxr_javadoccomment">     *             when a {@link NoSuchAlgorithmException} is caught</em>
+<a class="jxr_linenumber" name="131" href="#131">131</a> <em class="jxr_javadoccomment">     * @see MessageDigestAlgorithms</em>
+<a class="jxr_linenumber" name="132" href="#132">132</a> <em class="jxr_javadoccomment">     */</em>
+<a class="jxr_linenumber" name="133" href="#133">133</a>     <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> String sha2Crypt(<strong class="jxr_keyword">final</strong> byte[] keyBytes, <strong class="jxr_keyword">final</strong> String salt, <strong class="jxr_keyword">final</strong> String saltPrefix,
+<a class="jxr_linenumber" name="134" href="#134">134</a>             <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> blocksize, <strong class="jxr_keyword">final</strong> String algorithm) {
+<a class="jxr_linenumber" name="135" href="#135">135</a> 
+<a class="jxr_linenumber" name="136" href="#136">136</a>         <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> keyLen = keyBytes.length;
+<a class="jxr_linenumber" name="137" href="#137">137</a> 
+<a class="jxr_linenumber" name="138" href="#138">138</a>         <em class="jxr_comment">// Extracts effective salt and the number of rounds from the given salt.</em>
+<a class="jxr_linenumber" name="139" href="#139">139</a>         <strong class="jxr_keyword">int</strong> rounds = ROUNDS_DEFAULT;
+<a class="jxr_linenumber" name="140" href="#140">140</a>         <strong class="jxr_keyword">boolean</strong> roundsCustom = false;
+<a class="jxr_linenumber" name="141" href="#141">141</a>         <strong class="jxr_keyword">if</strong> (salt == <strong class="jxr_keyword">null</strong>) {
+<a class="jxr_linenumber" name="142" href="#142">142</a>             <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalArgumentException(<span class="jxr_string">"Salt must not be null"</span>);
+<a class="jxr_linenumber" name="143" href="#143">143</a>         }
+<a class="jxr_linenumber" name="144" href="#144">144</a> 
+<a class="jxr_linenumber" name="145" href="#145">145</a>         <strong class="jxr_keyword">final</strong> Matcher m = SALT_PATTERN.matcher(salt);
+<a class="jxr_linenumber" name="146" href="#146">146</a>         <strong class="jxr_keyword">if</strong> (m == <strong class="jxr_keyword">null</strong> || !m.find()) {
+<a class="jxr_linenumber" name="147" href="#147">147</a>             <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalArgumentException(<span class="jxr_string">"Invalid salt value: "</span> + salt);
+<a class="jxr_linenumber" name="148" href="#148">148</a>         }
+<a class="jxr_linenumber" name="149" href="#149">149</a>         <strong class="jxr_keyword">if</strong> (m.group(3) != <strong class="jxr_keyword">null</strong>) {
+<a class="jxr_linenumber" name="150" href="#150">150</a>             rounds = Integer.parseInt(m.group(3));
+<a class="jxr_linenumber" name="151" href="#151">151</a>             rounds = Math.max(ROUNDS_MIN, Math.min(ROUNDS_MAX, rounds));
+<a class="jxr_linenumber" name="152" href="#152">152</a>             roundsCustom = <strong class="jxr_keyword">true</strong>;
+<a class="jxr_linenumber" name="153" href="#153">153</a>         }
+<a class="jxr_linenumber" name="154" href="#154">154</a>         <strong class="jxr_keyword">final</strong> String saltString = m.group(4);
+<a class="jxr_linenumber" name="155" href="#155">155</a>         <strong class="jxr_keyword">final</strong> byte[] saltBytes = saltString.getBytes(Charsets.UTF_8);
+<a class="jxr_linenumber" name="156" href="#156">156</a>         <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> saltLen = saltBytes.length;
+<a class="jxr_linenumber" name="157" href="#157">157</a> 
+<a class="jxr_linenumber" name="158" href="#158">158</a>         <em class="jxr_comment">// 1. start digest A</em>
+<a class="jxr_linenumber" name="159" href="#159">159</a>         <em class="jxr_comment">// Prepare for the real work.</em>
+<a class="jxr_linenumber" name="160" href="#160">160</a>         MessageDigest ctx = DigestUtils.getDigest(algorithm);
+<a class="jxr_linenumber" name="161" href="#161">161</a> 
+<a class="jxr_linenumber" name="162" href="#162">162</a>         <em class="jxr_comment">// 2. the password string is added to digest A</em>
+<a class="jxr_linenumber" name="163" href="#163">163</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="164" href="#164">164</a> <em class="jxr_comment">         * Add the key string.</em>
+<a class="jxr_linenumber" name="165" href="#165">165</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="166" href="#166">166</a>         ctx.update(keyBytes);
+<a class="jxr_linenumber" name="167" href="#167">167</a> 
+<a class="jxr_linenumber" name="168" href="#168">168</a>         <em class="jxr_comment">// 3. the salt string is added to digest A. This is just the salt string</em>
+<a class="jxr_linenumber" name="169" href="#169">169</a>         <em class="jxr_comment">// itself without the enclosing '$', without the magic salt_prefix $5$ and</em>
+<a class="jxr_linenumber" name="170" href="#170">170</a>         <em class="jxr_comment">// $6$ respectively and without the rounds=&lt;N&gt; specification.</em>
+<a class="jxr_linenumber" name="171" href="#171">171</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="172" href="#172">172</a>         <em class="jxr_comment">// NB: the MD5 algorithm did add the $1$ salt_prefix. This is not deemed</em>
+<a class="jxr_linenumber" name="173" href="#173">173</a>         <em class="jxr_comment">// necessary since it is a constant string and does not add security</em>
+<a class="jxr_linenumber" name="174" href="#174">174</a>         <em class="jxr_comment">// and /possibly/ allows a plain text attack. Since the rounds=&lt;N&gt;</em>
+<a class="jxr_linenumber" name="175" href="#175">175</a>         <em class="jxr_comment">// specification should never be added this would also create an</em>
+<a class="jxr_linenumber" name="176" href="#176">176</a>         <em class="jxr_comment">// inconsistency.</em>
+<a class="jxr_linenumber" name="177" href="#177">177</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="178" href="#178">178</a> <em class="jxr_comment">         * The last part is the salt string. This must be at most 16 characters and it ends at the first `$' character</em>
+<a class="jxr_linenumber" name="179" href="#179">179</a> <em class="jxr_comment">         * (for compatibility with existing implementations).</em>
+<a class="jxr_linenumber" name="180" href="#180">180</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="181" href="#181">181</a>         ctx.update(saltBytes);
+<a class="jxr_linenumber" name="182" href="#182">182</a> 
+<a class="jxr_linenumber" name="183" href="#183">183</a>         <em class="jxr_comment">// 4. start digest B</em>
+<a class="jxr_linenumber" name="184" href="#184">184</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="185" href="#185">185</a> <em class="jxr_comment">         * Compute alternate sha512 sum with input KEY, SALT, and KEY. The final result will be added to the first</em>
+<a class="jxr_linenumber" name="186" href="#186">186</a> <em class="jxr_comment">         * context.</em>
+<a class="jxr_linenumber" name="187" href="#187">187</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="188" href="#188">188</a>         MessageDigest altCtx = DigestUtils.getDigest(algorithm);
+<a class="jxr_linenumber" name="189" href="#189">189</a> 
+<a class="jxr_linenumber" name="190" href="#190">190</a>         <em class="jxr_comment">// 5. add the password to digest B</em>
+<a class="jxr_linenumber" name="191" href="#191">191</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="192" href="#192">192</a> <em class="jxr_comment">         * Add key.</em>
+<a class="jxr_linenumber" name="193" href="#193">193</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="194" href="#194">194</a>         altCtx.update(keyBytes);
+<a class="jxr_linenumber" name="195" href="#195">195</a> 
+<a class="jxr_linenumber" name="196" href="#196">196</a>         <em class="jxr_comment">// 6. add the salt string to digest B</em>
+<a class="jxr_linenumber" name="197" href="#197">197</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="198" href="#198">198</a> <em class="jxr_comment">         * Add salt.</em>
+<a class="jxr_linenumber" name="199" href="#199">199</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="200" href="#200">200</a>         altCtx.update(saltBytes);
+<a class="jxr_linenumber" name="201" href="#201">201</a> 
+<a class="jxr_linenumber" name="202" href="#202">202</a>         <em class="jxr_comment">// 7. add the password again to digest B</em>
+<a class="jxr_linenumber" name="203" href="#203">203</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="204" href="#204">204</a> <em class="jxr_comment">         * Add key again.</em>
+<a class="jxr_linenumber" name="205" href="#205">205</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="206" href="#206">206</a>         altCtx.update(keyBytes);
+<a class="jxr_linenumber" name="207" href="#207">207</a> 
+<a class="jxr_linenumber" name="208" href="#208">208</a>         <em class="jxr_comment">// 8. finish digest B</em>
+<a class="jxr_linenumber" name="209" href="#209">209</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="210" href="#210">210</a> <em class="jxr_comment">         * Now get result of this (32 bytes) and add it to the other context.</em>
+<a class="jxr_linenumber" name="211" href="#211">211</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="212" href="#212">212</a>         byte[] altResult = altCtx.digest();
+<a class="jxr_linenumber" name="213" href="#213">213</a> 
+<a class="jxr_linenumber" name="214" href="#214">214</a>         <em class="jxr_comment">// 9. For each block of 32 or 64 bytes in the password string (excluding</em>
+<a class="jxr_linenumber" name="215" href="#215">215</a>         <em class="jxr_comment">// the terminating NUL in the C representation), add digest B to digest A</em>
+<a class="jxr_linenumber" name="216" href="#216">216</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="217" href="#217">217</a> <em class="jxr_comment">         * Add for any character in the key one byte of the alternate sum.</em>
+<a class="jxr_linenumber" name="218" href="#218">218</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="219" href="#219">219</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="220" href="#220">220</a> <em class="jxr_comment">         * (Remark: the C code comment seems wrong for key length &gt; 32!)</em>
+<a class="jxr_linenumber" name="221" href="#221">221</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="222" href="#222">222</a>         <strong class="jxr_keyword">int</strong> cnt = keyBytes.length;
+<a class="jxr_linenumber" name="223" href="#223">223</a>         <strong class="jxr_keyword">while</strong> (cnt &gt; blocksize) {
+<a class="jxr_linenumber" name="224" href="#224">224</a>             ctx.update(altResult, 0, blocksize);
+<a class="jxr_linenumber" name="225" href="#225">225</a>             cnt -= blocksize;
+<a class="jxr_linenumber" name="226" href="#226">226</a>         }
+<a class="jxr_linenumber" name="227" href="#227">227</a> 
+<a class="jxr_linenumber" name="228" href="#228">228</a>         <em class="jxr_comment">// 10. For the remaining N bytes of the password string add the first</em>
+<a class="jxr_linenumber" name="229" href="#229">229</a>         <em class="jxr_comment">// N bytes of digest B to digest A</em>
+<a class="jxr_linenumber" name="230" href="#230">230</a>         ctx.update(altResult, 0, cnt);
+<a class="jxr_linenumber" name="231" href="#231">231</a> 
+<a class="jxr_linenumber" name="232" href="#232">232</a>         <em class="jxr_comment">// 11. For each bit of the binary representation of the length of the</em>
+<a class="jxr_linenumber" name="233" href="#233">233</a>         <em class="jxr_comment">// password string up to and including the highest 1-digit, starting</em>
+<a class="jxr_linenumber" name="234" href="#234">234</a>         <em class="jxr_comment">// from to lowest bit position (numeric value 1):</em>
+<a class="jxr_linenumber" name="235" href="#235">235</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="236" href="#236">236</a>         <em class="jxr_comment">// a) for a 1-digit add digest B to digest A</em>
+<a class="jxr_linenumber" name="237" href="#237">237</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="238" href="#238">238</a>         <em class="jxr_comment">// b) for a 0-digit add the password string</em>
+<a class="jxr_linenumber" name="239" href="#239">239</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="240" href="#240">240</a>         <em class="jxr_comment">// NB: this step differs significantly from the MD5 algorithm. It</em>
+<a class="jxr_linenumber" name="241" href="#241">241</a>         <em class="jxr_comment">// adds more randomness.</em>
+<a class="jxr_linenumber" name="242" href="#242">242</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="243" href="#243">243</a> <em class="jxr_comment">         * Take the binary representation of the length of the key and for every 1 add the alternate sum, for every 0</em>
+<a class="jxr_linenumber" name="244" href="#244">244</a> <em class="jxr_comment">         * the key.</em>
+<a class="jxr_linenumber" name="245" href="#245">245</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="246" href="#246">246</a>         cnt = keyBytes.length;
+<a class="jxr_linenumber" name="247" href="#247">247</a>         <strong class="jxr_keyword">while</strong> (cnt &gt; 0) {
+<a class="jxr_linenumber" name="248" href="#248">248</a>             <strong class="jxr_keyword">if</strong> ((cnt &amp; 1) != 0) {
+<a class="jxr_linenumber" name="249" href="#249">249</a>                 ctx.update(altResult, 0, blocksize);
+<a class="jxr_linenumber" name="250" href="#250">250</a>             } <strong class="jxr_keyword">else</strong> {
+<a class="jxr_linenumber" name="251" href="#251">251</a>                 ctx.update(keyBytes);
+<a class="jxr_linenumber" name="252" href="#252">252</a>             }
+<a class="jxr_linenumber" name="253" href="#253">253</a>             cnt &gt;&gt;= 1;
+<a class="jxr_linenumber" name="254" href="#254">254</a>         }
+<a class="jxr_linenumber" name="255" href="#255">255</a> 
+<a class="jxr_linenumber" name="256" href="#256">256</a>         <em class="jxr_comment">// 12. finish digest A</em>
+<a class="jxr_linenumber" name="257" href="#257">257</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="258" href="#258">258</a> <em class="jxr_comment">         * Create intermediate result.</em>
+<a class="jxr_linenumber" name="259" href="#259">259</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="260" href="#260">260</a>         altResult = ctx.digest();
+<a class="jxr_linenumber" name="261" href="#261">261</a> 
+<a class="jxr_linenumber" name="262" href="#262">262</a>         <em class="jxr_comment">// 13. start digest DP</em>
+<a class="jxr_linenumber" name="263" href="#263">263</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="264" href="#264">264</a> <em class="jxr_comment">         * Start computation of P byte sequence.</em>
+<a class="jxr_linenumber" name="265" href="#265">265</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="266" href="#266">266</a>         altCtx = DigestUtils.getDigest(algorithm);
+<a class="jxr_linenumber" name="267" href="#267">267</a> 
+<a class="jxr_linenumber" name="268" href="#268">268</a>         <em class="jxr_comment">// 14. for every byte in the password (excluding the terminating NUL byte</em>
+<a class="jxr_linenumber" name="269" href="#269">269</a>         <em class="jxr_comment">// in the C representation of the string)</em>
+<a class="jxr_linenumber" name="270" href="#270">270</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="271" href="#271">271</a>         <em class="jxr_comment">// add the password to digest DP</em>
 <a class="jxr_linenumber" name="272" href="#272">272</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="273" href="#273">273</a> <em class="jxr_comment">         * Finish the digest.</em>
+<a class="jxr_linenumber" name="273" href="#273">273</a> <em class="jxr_comment">         * For every character in the password add the entire password.</em>
 <a class="jxr_linenumber" name="274" href="#274">274</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="275" href="#275">275</a>         byte[] tempResult = altCtx.digest();
-<a class="jxr_linenumber" name="276" href="#276">276</a> 
-<a class="jxr_linenumber" name="277" href="#277">277</a>         <em class="jxr_comment">// 16. produce byte sequence P of the same length as the password where</em>
-<a class="jxr_linenumber" name="278" href="#278">278</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="279" href="#279">279</a>         <em class="jxr_comment">// a) for each block of 32 or 64 bytes of length of the password string</em>
-<a class="jxr_linenumber" name="280" href="#280">280</a>         <em class="jxr_comment">// the entire digest DP is used</em>
-<a class="jxr_linenumber" name="281" href="#281">281</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="282" href="#282">282</a>         <em class="jxr_comment">// b) for the remaining N (up to 31 or 63) bytes use the first N</em>
-<a class="jxr_linenumber" name="283" href="#283">283</a>         <em class="jxr_comment">// bytes of digest DP</em>
-<a class="jxr_linenumber" name="284" href="#284">284</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="285" href="#285">285</a> <em class="jxr_comment">         * Create byte sequence P.</em>
-<a class="jxr_linenumber" name="286" href="#286">286</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="287" href="#287">287</a>         <strong class="jxr_keyword">final</strong> byte[] pBytes = <strong class="jxr_keyword">new</strong> byte[keyLen];
-<a class="jxr_linenumber" name="288" href="#288">288</a>         <strong class="jxr_keyword">int</strong> cp = 0;
-<a class="jxr_linenumber" name="289" href="#289">289</a>         <strong class="jxr_keyword">while</strong> (cp &lt; keyLen - blocksize) {
-<a class="jxr_linenumber" name="290" href="#290">290</a>             System.arraycopy(tempResult, 0, pBytes, cp, blocksize);
-<a class="jxr_linenumber" name="291" href="#291">291</a>             cp += blocksize;
-<a class="jxr_linenumber" name="292" href="#292">292</a>         }
-<a class="jxr_linenumber" name="293" href="#293">293</a>         System.arraycopy(tempResult, 0, pBytes, cp, keyLen - cp);
-<a class="jxr_linenumber" name="294" href="#294">294</a> 
-<a class="jxr_linenumber" name="295" href="#295">295</a>         <em class="jxr_comment">// 17. start digest DS</em>
-<a class="jxr_linenumber" name="296" href="#296">296</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="297" href="#297">297</a> <em class="jxr_comment">         * Start computation of S byte sequence.</em>
-<a class="jxr_linenumber" name="298" href="#298">298</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="299" href="#299">299</a>         altCtx = DigestUtils.getDigest(algorithm);
-<a class="jxr_linenumber" name="300" href="#300">300</a> 
-<a class="jxr_linenumber" name="301" href="#301">301</a>         <em class="jxr_comment">// 18. repeast the following 16+A[0] times, where A[0] represents the first</em>
-<a class="jxr_linenumber" name="302" href="#302">302</a>         <em class="jxr_comment">// byte in digest A interpreted as an 8-bit unsigned value</em>
-<a class="jxr_linenumber" name="303" href="#303">303</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="304" href="#304">304</a>         <em class="jxr_comment">// add the salt to digest DS</em>
-<a class="jxr_linenumber" name="305" href="#305">305</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="306" href="#306">306</a> <em class="jxr_comment">         * For every character in the password add the entire password.</em>
-<a class="jxr_linenumber" name="307" href="#307">307</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="308" href="#308">308</a>         <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 1; i &lt;= 16 + (altResult[0] &amp; 0xff); i++) {
-<a class="jxr_linenumber" name="309" href="#309">309</a>             altCtx.update(saltBytes);
-<a class="jxr_linenumber" name="310" href="#310">310</a>         }
-<a class="jxr_linenumber" name="311" href="#311">311</a> 
-<a class="jxr_linenumber" name="312" href="#312">312</a>         <em class="jxr_comment">// 19. finish digest DS</em>
+<a class="jxr_linenumber" name="275" href="#275">275</a>         <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 1; i &lt;= keyLen; i++) {
+<a class="jxr_linenumber" name="276" href="#276">276</a>             altCtx.update(keyBytes);
+<a class="jxr_linenumber" name="277" href="#277">277</a>         }
+<a class="jxr_linenumber" name="278" href="#278">278</a> 
+<a class="jxr_linenumber" name="279" href="#279">279</a>         <em class="jxr_comment">// 15. finish digest DP</em>
+<a class="jxr_linenumber" name="280" href="#280">280</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="281" href="#281">281</a> <em class="jxr_comment">         * Finish the digest.</em>
+<a class="jxr_linenumber" name="282" href="#282">282</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="283" href="#283">283</a>         byte[] tempResult = altCtx.digest();
+<a class="jxr_linenumber" name="284" href="#284">284</a> 
+<a class="jxr_linenumber" name="285" href="#285">285</a>         <em class="jxr_comment">// 16. produce byte sequence P of the same length as the password where</em>
+<a class="jxr_linenumber" name="286" href="#286">286</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="287" href="#287">287</a>         <em class="jxr_comment">// a) for each block of 32 or 64 bytes of length of the password string</em>
+<a class="jxr_linenumber" name="288" href="#288">288</a>         <em class="jxr_comment">// the entire digest DP is used</em>
+<a class="jxr_linenumber" name="289" href="#289">289</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="290" href="#290">290</a>         <em class="jxr_comment">// b) for the remaining N (up to 31 or 63) bytes use the first N</em>
+<a class="jxr_linenumber" name="291" href="#291">291</a>         <em class="jxr_comment">// bytes of digest DP</em>
+<a class="jxr_linenumber" name="292" href="#292">292</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="293" href="#293">293</a> <em class="jxr_comment">         * Create byte sequence P.</em>
+<a class="jxr_linenumber" name="294" href="#294">294</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="295" href="#295">295</a>         <strong class="jxr_keyword">final</strong> byte[] pBytes = <strong class="jxr_keyword">new</strong> byte[keyLen];
+<a class="jxr_linenumber" name="296" href="#296">296</a>         <strong class="jxr_keyword">int</strong> cp = 0;
+<a class="jxr_linenumber" name="297" href="#297">297</a>         <strong class="jxr_keyword">while</strong> (cp &lt; keyLen - blocksize) {
+<a class="jxr_linenumber" name="298" href="#298">298</a>             System.arraycopy(tempResult, 0, pBytes, cp, blocksize);
+<a class="jxr_linenumber" name="299" href="#299">299</a>             cp += blocksize;
+<a class="jxr_linenumber" name="300" href="#300">300</a>         }
+<a class="jxr_linenumber" name="301" href="#301">301</a>         System.arraycopy(tempResult, 0, pBytes, cp, keyLen - cp);
+<a class="jxr_linenumber" name="302" href="#302">302</a> 
+<a class="jxr_linenumber" name="303" href="#303">303</a>         <em class="jxr_comment">// 17. start digest DS</em>
+<a class="jxr_linenumber" name="304" href="#304">304</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="305" href="#305">305</a> <em class="jxr_comment">         * Start computation of S byte sequence.</em>
+<a class="jxr_linenumber" name="306" href="#306">306</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="307" href="#307">307</a>         altCtx = DigestUtils.getDigest(algorithm);
+<a class="jxr_linenumber" name="308" href="#308">308</a> 
+<a class="jxr_linenumber" name="309" href="#309">309</a>         <em class="jxr_comment">// 18. repeast the following 16+A[0] times, where A[0] represents the first</em>
+<a class="jxr_linenumber" name="310" href="#310">310</a>         <em class="jxr_comment">// byte in digest A interpreted as an 8-bit unsigned value</em>
+<a class="jxr_linenumber" name="311" href="#311">311</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="312" href="#312">312</a>         <em class="jxr_comment">// add the salt to digest DS</em>
 <a class="jxr_linenumber" name="313" href="#313">313</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="314" href="#314">314</a> <em class="jxr_comment">         * Finish the digest.</em>
+<a class="jxr_linenumber" name="314" href="#314">314</a> <em class="jxr_comment">         * For every character in the password add the entire password.</em>
 <a class="jxr_linenumber" name="315" href="#315">315</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="316" href="#316">316</a>         tempResult = altCtx.digest();
-<a class="jxr_linenumber" name="317" href="#317">317</a> 
-<a class="jxr_linenumber" name="318" href="#318">318</a>         <em class="jxr_comment">// 20. produce byte sequence S of the same length as the salt string where</em>
-<a class="jxr_linenumber" name="319" href="#319">319</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="320" href="#320">320</a>         <em class="jxr_comment">// a) for each block of 32 or 64 bytes of length of the salt string</em>
-<a class="jxr_linenumber" name="321" href="#321">321</a>         <em class="jxr_comment">// the entire digest DS is used</em>
-<a class="jxr_linenumber" name="322" href="#322">322</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="323" href="#323">323</a>         <em class="jxr_comment">// b) for the remaining N (up to 31 or 63) bytes use the first N</em>
-<a class="jxr_linenumber" name="324" href="#324">324</a>         <em class="jxr_comment">// bytes of digest DS</em>
-<a class="jxr_linenumber" name="325" href="#325">325</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="326" href="#326">326</a> <em class="jxr_comment">         * Create byte sequence S.</em>
-<a class="jxr_linenumber" name="327" href="#327">327</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="328" href="#328">328</a>         <em class="jxr_comment">// Remark: The salt is limited to 16 chars, how does this make sense?</em>
-<a class="jxr_linenumber" name="329" href="#329">329</a>         <strong class="jxr_keyword">final</strong> byte[] sBytes = <strong class="jxr_keyword">new</strong> byte[saltLen];
-<a class="jxr_linenumber" name="330" href="#330">330</a>         cp = 0;
-<a class="jxr_linenumber" name="331" href="#331">331</a>         <strong class="jxr_keyword">while</strong> (cp &lt; saltLen - blocksize) {
-<a class="jxr_linenumber" name="332" href="#332">332</a>             System.arraycopy(tempResult, 0, sBytes, cp, blocksize);
-<a class="jxr_linenumber" name="333" href="#333">333</a>             cp += blocksize;
-<a class="jxr_linenumber" name="334" href="#334">334</a>         }
-<a class="jxr_linenumber" name="335" href="#335">335</a>         System.arraycopy(tempResult, 0, sBytes, cp, saltLen - cp);
-<a class="jxr_linenumber" name="336" href="#336">336</a> 
-<a class="jxr_linenumber" name="337" href="#337">337</a>         <em class="jxr_comment">// 21. repeat a loop according to the number specified in the rounds=&lt;N&gt;</em>
-<a class="jxr_linenumber" name="338" href="#338">338</a>         <em class="jxr_comment">// specification in the salt (or the default value if none is</em>
-<a class="jxr_linenumber" name="339" href="#339">339</a>         <em class="jxr_comment">// present). Each round is numbered, starting with 0 and up to N-1.</em>
-<a class="jxr_linenumber" name="340" href="#340">340</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="341" href="#341">341</a>         <em class="jxr_comment">// The loop uses a digest as input. In the first round it is the</em>
-<a class="jxr_linenumber" name="342" href="#342">342</a>         <em class="jxr_comment">// digest produced in step 12. In the latter steps it is the digest</em>
-<a class="jxr_linenumber" name="343" href="#343">343</a>         <em class="jxr_comment">// produced in step 21.h. The following text uses the notation</em>
-<a class="jxr_linenumber" name="344" href="#344">344</a>         <em class="jxr_comment">// "digest A/C" to describe this behavior.</em>
-<a class="jxr_linenumber" name="345" href="#345">345</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="346" href="#346">346</a> <em class="jxr_comment">         * Repeatedly run the collected hash value through sha512 to burn CPU cycles.</em>
-<a class="jxr_linenumber" name="347" href="#347">347</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="348" href="#348">348</a>         <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 0; i &lt;= rounds - 1; i++) {
-<a class="jxr_linenumber" name="349" href="#349">349</a>             <em class="jxr_comment">// a) start digest C</em>
-<a class="jxr_linenumber" name="350" href="#350">350</a>             <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="351" href="#351">351</a> <em class="jxr_comment">             * New context.</em>
-<a class="jxr_linenumber" name="352" href="#352">352</a> <em class="jxr_comment">             */</em>
-<a class="jxr_linenumber" name="353" href="#353">353</a>             ctx = DigestUtils.getDigest(algorithm);
-<a class="jxr_linenumber" name="354" href="#354">354</a> 
-<a class="jxr_linenumber" name="355" href="#355">355</a>             <em class="jxr_comment">// b) for odd round numbers add the byte sequense P to digest C</em>
-<a class="jxr_linenumber" name="356" href="#356">356</a>             <em class="jxr_comment">// c) for even round numbers add digest A/C</em>
-<a class="jxr_linenumber" name="357" href="#357">357</a>             <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="358" href="#358">358</a> <em class="jxr_comment">             * Add key or last result.</em>
-<a class="jxr_linenumber" name="359" href="#359">359</a> <em class="jxr_comment">             */</em>
-<a class="jxr_linenumber" name="360" href="#360">360</a>             <strong class="jxr_keyword">if</strong> ((i &amp; 1) != 0) {
-<a class="jxr_linenumber" name="361" href="#361">361</a>                 ctx.update(pBytes, 0, keyLen);
-<a class="jxr_linenumber" name="362" href="#362">362</a>             } <strong class="jxr_keyword">else</strong> {
-<a class="jxr_linenumber" name="363" href="#363">363</a>                 ctx.update(altResult, 0, blocksize);
-<a class="jxr_linenumber" name="364" href="#364">364</a>             }
-<a class="jxr_linenumber" name="365" href="#365">365</a> 
-<a class="jxr_linenumber" name="366" href="#366">366</a>             <em class="jxr_comment">// d) for all round numbers not divisible by 3 add the byte sequence S</em>
-<a class="jxr_linenumber" name="367" href="#367">367</a>             <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="368" href="#368">368</a> <em class="jxr_comment">             * Add salt for numbers not divisible by 3.</em>
-<a class="jxr_linenumber" name="369" href="#369">369</a> <em class="jxr_comment">             */</em>
-<a class="jxr_linenumber" name="370" href="#370">370</a>             <strong class="jxr_keyword">if</strong> (i % 3 != 0) {
-<a class="jxr_linenumber" name="371" href="#371">371</a>                 ctx.update(sBytes, 0, saltLen);
+<a class="jxr_linenumber" name="316" href="#316">316</a>         <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 1; i &lt;= 16 + (altResult[0] &amp; 0xff); i++) {
+<a class="jxr_linenumber" name="317" href="#317">317</a>             altCtx.update(saltBytes);
+<a class="jxr_linenumber" name="318" href="#318">318</a>         }
+<a class="jxr_linenumber" name="319" href="#319">319</a> 
+<a class="jxr_linenumber" name="320" href="#320">320</a>         <em class="jxr_comment">// 19. finish digest DS</em>
+<a class="jxr_linenumber" name="321" href="#321">321</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="322" href="#322">322</a> <em class="jxr_comment">         * Finish the digest.</em>
+<a class="jxr_linenumber" name="323" href="#323">323</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="324" href="#324">324</a>         tempResult = altCtx.digest();
+<a class="jxr_linenumber" name="325" href="#325">325</a> 
+<a class="jxr_linenumber" name="326" href="#326">326</a>         <em class="jxr_comment">// 20. produce byte sequence S of the same length as the salt string where</em>
+<a class="jxr_linenumber" name="327" href="#327">327</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="328" href="#328">328</a>         <em class="jxr_comment">// a) for each block of 32 or 64 bytes of length of the salt string</em>
+<a class="jxr_linenumber" name="329" href="#329">329</a>         <em class="jxr_comment">// the entire digest DS is used</em>
+<a class="jxr_linenumber" name="330" href="#330">330</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="331" href="#331">331</a>         <em class="jxr_comment">// b) for the remaining N (up to 31 or 63) bytes use the first N</em>
+<a class="jxr_linenumber" name="332" href="#332">332</a>         <em class="jxr_comment">// bytes of digest DS</em>
+<a class="jxr_linenumber" name="333" href="#333">333</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="334" href="#334">334</a> <em class="jxr_comment">         * Create byte sequence S.</em>
+<a class="jxr_linenumber" name="335" href="#335">335</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="336" href="#336">336</a>         <em class="jxr_comment">// Remark: The salt is limited to 16 chars, how does this make sense?</em>
+<a class="jxr_linenumber" name="337" href="#337">337</a>         <strong class="jxr_keyword">final</strong> byte[] sBytes = <strong class="jxr_keyword">new</strong> byte[saltLen];
+<a class="jxr_linenumber" name="338" href="#338">338</a>         cp = 0;
+<a class="jxr_linenumber" name="339" href="#339">339</a>         <strong class="jxr_keyword">while</strong> (cp &lt; saltLen - blocksize) {
+<a class="jxr_linenumber" name="340" href="#340">340</a>             System.arraycopy(tempResult, 0, sBytes, cp, blocksize);
+<a class="jxr_linenumber" name="341" href="#341">341</a>             cp += blocksize;
+<a class="jxr_linenumber" name="342" href="#342">342</a>         }
+<a class="jxr_linenumber" name="343" href="#343">343</a>         System.arraycopy(tempResult, 0, sBytes, cp, saltLen - cp);
+<a class="jxr_linenumber" name="344" href="#344">344</a> 
+<a class="jxr_linenumber" name="345" href="#345">345</a>         <em class="jxr_comment">// 21. repeat a loop according to the number specified in the rounds=&lt;N&gt;</em>
+<a class="jxr_linenumber" name="346" href="#346">346</a>         <em class="jxr_comment">// specification in the salt (or the default value if none is</em>
+<a class="jxr_linenumber" name="347" href="#347">347</a>         <em class="jxr_comment">// present). Each round is numbered, starting with 0 and up to N-1.</em>
+<a class="jxr_linenumber" name="348" href="#348">348</a>         <em class="jxr_comment">//</em>
+<a class="jxr_linenumber" name="349" href="#349">349</a>         <em class="jxr_comment">// The loop uses a digest as input. In the first round it is the</em>
+<a class="jxr_linenumber" name="350" href="#350">350</a>         <em class="jxr_comment">// digest produced in step 12. In the latter steps it is the digest</em>
+<a class="jxr_linenumber" name="351" href="#351">351</a>         <em class="jxr_comment">// produced in step 21.h. The following text uses the notation</em>
+<a class="jxr_linenumber" name="352" href="#352">352</a>         <em class="jxr_comment">// "digest A/C" to describe this behavior.</em>
+<a class="jxr_linenumber" name="353" href="#353">353</a>         <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="354" href="#354">354</a> <em class="jxr_comment">         * Repeatedly run the collected hash value through sha512 to burn CPU cycles.</em>
+<a class="jxr_linenumber" name="355" href="#355">355</a> <em class="jxr_comment">         */</em>
+<a class="jxr_linenumber" name="356" href="#356">356</a>         <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">int</strong> i = 0; i &lt;= rounds - 1; i++) {
+<a class="jxr_linenumber" name="357" href="#357">357</a>             <em class="jxr_comment">// a) start digest C</em>
+<a class="jxr_linenumber" name="358" href="#358">358</a>             <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="359" href="#359">359</a> <em class="jxr_comment">             * New context.</em>
+<a class="jxr_linenumber" name="360" href="#360">360</a> <em class="jxr_comment">             */</em>
+<a class="jxr_linenumber" name="361" href="#361">361</a>             ctx = DigestUtils.getDigest(algorithm);
+<a class="jxr_linenumber" name="362" href="#362">362</a> 
+<a class="jxr_linenumber" name="363" href="#363">363</a>             <em class="jxr_comment">// b) for odd round numbers add the byte sequense P to digest C</em>
+<a class="jxr_linenumber" name="364" href="#364">364</a>             <em class="jxr_comment">// c) for even round numbers add digest A/C</em>
+<a class="jxr_linenumber" name="365" href="#365">365</a>             <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="366" href="#366">366</a> <em class="jxr_comment">             * Add key or last result.</em>
+<a class="jxr_linenumber" name="367" href="#367">367</a> <em class="jxr_comment">             */</em>
+<a class="jxr_linenumber" name="368" href="#368">368</a>             <strong class="jxr_keyword">if</strong> ((i &amp; 1) != 0) {
+<a class="jxr_linenumber" name="369" href="#369">369</a>                 ctx.update(pBytes, 0, keyLen);
+<a class="jxr_linenumber" name="370" href="#370">370</a>             } <strong class="jxr_keyword">else</strong> {
+<a class="jxr_linenumber" name="371" href="#371">371</a>                 ctx.update(altResult, 0, blocksize);
 <a class="jxr_linenumber" name="372" href="#372">372</a>             }
 <a class="jxr_linenumber" name="373" href="#373">373</a> 
-<a class="jxr_linenumber" name="374" href="#374">374</a>             <em class="jxr_comment">// e) for all round numbers not divisible by 7 add the byte sequence P</em>
+<a class="jxr_linenumber" name="374" href="#374">374</a>             <em class="jxr_comment">// d) for all round numbers not divisible by 3 add the byte sequence S</em>
 <a class="jxr_linenumber" name="375" href="#375">375</a>             <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="376" href="#376">376</a> <em class="jxr_comment">             * Add key for numbers not divisible by 7.</em>
+<a class="jxr_linenumber" name="376" href="#376">376</a> <em class="jxr_comment">             * Add salt for numbers not divisible by 3.</em>
 <a class="jxr_linenumber" name="377" href="#377">377</a> <em class="jxr_comment">             */</em>
-<a class="jxr_linenumber" name="378" href="#378">378</a>             <strong class="jxr_keyword">if</strong> (i % 7 != 0) {
-<a class="jxr_linenumber" name="379" href="#379">379</a>                 ctx.update(pBytes, 0, keyLen);
+<a class="jxr_linenumber" name="378" href="#378">378</a>             <strong class="jxr_keyword">if</strong> (i % 3 != 0) {
+<a class="jxr_linenumber" name="379" href="#379">379</a>                 ctx.update(sBytes, 0, saltLen);
 <a class="jxr_linenumber" name="380" href="#380">380</a>             }
 <a class="jxr_linenumber" name="381" href="#381">381</a> 
-<a class="jxr_linenumber" name="382" href="#382">382</a>             <em class="jxr_comment">// f) for odd round numbers add digest A/C</em>
-<a class="jxr_linenumber" name="383" href="#383">383</a>             <em class="jxr_comment">// g) for even round numbers add the byte sequence P</em>
-<a class="jxr_linenumber" name="384" href="#384">384</a>             <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="385" href="#385">385</a> <em class="jxr_comment">             * Add key or last result.</em>
-<a class="jxr_linenumber" name="386" href="#386">386</a> <em class="jxr_comment">             */</em>
-<a class="jxr_linenumber" name="387" href="#387">387</a>             <strong class="jxr_keyword">if</strong> ((i &amp; 1) != 0) {
-<a class="jxr_linenumber" name="388" href="#388">388</a>                 ctx.update(altResult, 0, blocksize);
-<a class="jxr_linenumber" name="389" href="#389">389</a>             } <strong class="jxr_keyword">else</strong> {
-<a class="jxr_linenumber" name="390" href="#390">390</a>                 ctx.update(pBytes, 0, keyLen);
-<a class="jxr_linenumber" name="391" href="#391">391</a>             }
-<a class="jxr_linenumber" name="392" href="#392">392</a> 
-<a class="jxr_linenumber" name="393" href="#393">393</a>             <em class="jxr_comment">// h) finish digest C.</em>
-<a class="jxr_linenumber" name="394" href="#394">394</a>             <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="395" href="#395">395</a> <em class="jxr_comment">             * Create intermediate result.</em>
-<a class="jxr_linenumber" name="396" href="#396">396</a> <em class="jxr_comment">             */</em>
-<a class="jxr_linenumber" name="397" href="#397">397</a>             altResult = ctx.digest();
-<a class="jxr_linenumber" name="398" href="#398">398</a>         }
-<a class="jxr_linenumber" name="399" href="#399">399</a> 
-<a class="jxr_linenumber" name="400" href="#400">400</a>         <em class="jxr_comment">// 22. Produce the output string. This is an ASCII string of the maximum</em>
-<a class="jxr_linenumber" name="401" href="#401">401</a>         <em class="jxr_comment">// size specified above, consisting of multiple pieces:</em>
-<a class="jxr_linenumber" name="402" href="#402">402</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="403" href="#403">403</a>         <em class="jxr_comment">// a) the salt salt_prefix, $5$ or $6$ respectively</em>
-<a class="jxr_linenumber" name="404" href="#404">404</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="405" href="#405">405</a>         <em class="jxr_comment">// b) the rounds=&lt;N&gt; specification, if one was present in the input</em>
-<a class="jxr_linenumber" name="406" href="#406">406</a>         <em class="jxr_comment">// salt string. A trailing '$' is added in this case to separate</em>
-<a class="jxr_linenumber" name="407" href="#407">407</a>         <em class="jxr_comment">// the rounds specification from the following text.</em>
-<a class="jxr_linenumber" name="408" href="#408">408</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="409" href="#409">409</a>         <em class="jxr_comment">// c) the salt string truncated to 16 characters</em>
+<a class="jxr_linenumber" name="382" href="#382">382</a>             <em class="jxr_comment">// e) for all round numbers not divisible by 7 add the byte sequence P</em>
+<a class="jxr_linenumber" name="383" href="#383">383</a>             <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="384" href="#384">384</a> <em class="jxr_comment">             * Add key for numbers not divisible by 7.</em>
+<a class="jxr_linenumber" name="385" href="#385">385</a> <em class="jxr_comment">             */</em>
+<a class="jxr_linenumber" name="386" href="#386">386</a>             <strong class="jxr_keyword">if</strong> (i % 7 != 0) {
+<a class="jxr_linenumber" name="387" href="#387">387</a>                 ctx.update(pBytes, 0, keyLen);
+<a class="jxr_linenumber" name="388" href="#388">388</a>             }
+<a class="jxr_linenumber" name="389" href="#389">389</a> 
+<a class="jxr_linenumber" name="390" href="#390">390</a>             <em class="jxr_comment">// f) for odd round numbers add digest A/C</em>
+<a class="jxr_linenumber" name="391" href="#391">391</a>             <em class="jxr_comment">// g) for even round numbers add the byte sequence P</em>
+<a class="jxr_linenumber" name="392" href="#392">392</a>             <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="393" href="#393">393</a> <em class="jxr_comment">             * Add key or last result.</em>
+<a class="jxr_linenumber" name="394" href="#394">394</a> <em class="jxr_comment">             */</em>
+<a class="jxr_linenumber" name="395" href="#395">395</a>             <strong class="jxr_keyword">if</strong> ((i &amp; 1) != 0) {
+<a class="jxr_linenumber" name="396" href="#396">396</a>                 ctx.update(altResult, 0, blocksize);
+<a class="jxr_linenumber" name="397" href="#397">397</a>             } <strong class="jxr_keyword">else</strong> {
+<a class="jxr_linenumber" name="398" href="#398">398</a>                 ctx.update(pBytes, 0, keyLen);
+<a class="jxr_linenumber" name="399" href="#399">399</a>             }
+<a class="jxr_linenumber" name="400" href="#400">400</a> 
+<a class="jxr_linenumber" name="401" href="#401">401</a>             <em class="jxr_comment">// h) finish digest C.</em>
+<a class="jxr_linenumber" name="402" href="#402">402</a>             <em class="jxr_comment">/*</em>
+<a class="jxr_linenumber" name="403" href="#403">403</a> <em class="jxr_comment">             * Create intermediate result.</em>
+<a class="jxr_linenumber" name="404" href="#404">404</a> <em class="jxr_comment">             */</em>
+<a class="jxr_linenumber" name="405" href="#405">405</a>             altResult = ctx.digest();
+<a class="jxr_linenumber" name="406" href="#406">406</a>         }
+<a class="jxr_linenumber" name="407" href="#407">407</a> 
+<a class="jxr_linenumber" name="408" href="#408">408</a>         <em class="jxr_comment">// 22. Produce the output string. This is an ASCII string of the maximum</em>
+<a class="jxr_linenumber" name="409" href="#409">409</a>         <em class="jxr_comment">// size specified above, consisting of multiple pieces:</em>
 <a class="jxr_linenumber" name="410" href="#410">410</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="411" href="#411">411</a>         <em class="jxr_comment">// d) a '$' character</em>
-<a class="jxr_linenumber" name="412" href="#412">412</a>         <em class="jxr_comment">/*</em>
-<a class="jxr_linenumber" name="413" href="#413">413</a> <em class="jxr_comment">         * Now we can construct the result string. It consists of three parts.</em>
-<a class="jxr_linenumber" name="414" href="#414">414</a> <em class="jxr_comment">         */</em>
-<a class="jxr_linenumber" name="415" href="#415">415</a>         <strong class="jxr_keyword">final</strong> StringBuilder buffer = <strong class="jxr_keyword">new</strong> StringBuilder(saltPrefix);
-<a class="jxr_linenumber" name="416" href="#416">416</a>         <strong class="jxr_keyword">if</strong> (roundsCustom) {
-<a class="jxr_linenumber" name="417" href="#417">417</a>             buffer.append(ROUNDS_PREFIX);
-<a class="jxr_linenumber" name="418" href="#418">418</a>             buffer.append(rounds);
-<a class="jxr_linenumber" name="419" href="#419">419</a>             buffer.append(<span class="jxr_string">"$"</span>);
-<a class="jxr_linenumber" name="420" href="#420">420</a>         }
-<a class="jxr_linenumber" name="421" href="#421">421</a>         buffer.append(saltString);
-<a class="jxr_linenumber" name="422" href="#422">422</a>         buffer.append(<span class="jxr_string">"$"</span>);
-<a class="jxr_linenumber" name="423" href="#423">423</a> 
-<a class="jxr_linenumber" name="424" href="#424">424</a>         <em class="jxr_comment">// e) the base-64 encoded final C digest. The encoding used is as</em>
-<a class="jxr_linenumber" name="425" href="#425">425</a>         <em class="jxr_comment">// follows:</em>
-<a class="jxr_linenumber" name="426" href="#426">426</a>         <em class="jxr_comment">// [...]</em>
-<a class="jxr_linenumber" name="427" href="#427">427</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="428" href="#428">428</a>         <em class="jxr_comment">// Each group of three bytes from the digest produces four</em>
-<a class="jxr_linenumber" name="429" href="#429">429</a>         <em class="jxr_comment">// characters as output:</em>
-<a class="jxr_linenumber" name="430" href="#430">430</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="431" href="#431">431</a>         <em class="jxr_comment">// 1. character: the six low bits of the first byte</em>
-<a class="jxr_linenumber" name="432" href="#432">432</a>         <em class="jxr_comment">// 2. character: the two high bits of the first byte and the</em>
-<a class="jxr_linenumber" name="433" href="#433">433</a>         <em class="jxr_comment">// four low bytes from the second byte</em>
-<a class="jxr_linenumber" name="434" href="#434">434</a>         <em class="jxr_comment">// 3. character: the four high bytes from the second byte and</em>
-<a class="jxr_linenumber" name="435" href="#435">435</a>         <em class="jxr_comment">// the two low bits from the third byte</em>
-<a class="jxr_linenumber" name="436" href="#436">436</a>         <em class="jxr_comment">// 4. character: the six high bits from the third byte</em>
-<a class="jxr_linenumber" name="437" href="#437">437</a>         <em class="jxr_comment">//</em>
-<a class="jxr_linenumber" name="438" href="#438">438</a>         <em class="jxr_comment">// The groups of three bytes are as follows (in this sequence).</em>
-<a class="jxr_linenumber" name="439" href="#439">439</a>         <em class="jxr_comment">// These are the indices into the byte array containing the</em>
-<a class="jxr_linenumber" name="440" href="#440">440</a>         <em class="jxr_comment">// digest, starting with index 0. For the last group there are</em>
-<a class="jxr_linenumber" name="441" href="#441">441</a>         <em class="jxr_comment">// not enough bytes left in the digest and the value zero is used</em>
-<a class="jxr_linenumber" name="442" href="#442">442</a>         <em class="jxr_comment">// in its place. This group also produces only three or two</em>
-<a class="jxr_linenumber" name="443" href="#443">443</a>         <em class="jxr_comment">// characters as output for SHA-512 and SHA-512 respectively.</em>
-<a class="jxr_linenumber" name="444" href="#444">444</a> 
-<a class="jxr_linenumber" name="445" href="#445">445</a>         <em class="jxr_comment">// This was just a safeguard in the C implementation:</em>
-<a class="jxr_linenumber" name="446" href="#446">446</a>         <em class="jxr_comment">// int buflen = salt_prefix.length() - 1 + ROUNDS_PREFIX.length() + 9 + 1 + salt_string.length() + 1 + 86 + 1;</em>
-<a class="jxr_linenumber" name="447" href="#447">447</a> 
-<a class="jxr_linenumber" name="448" href="#448">448</a>         <strong class="jxr_keyword">if</strong> (blocksize == 32) {
-<a class="jxr_linenumber" name="449" href="#449">449</a>             B64.b64from24bit(altResult[0], altResult[10], altResult[20], 4, buffer);
-<a class="jxr_linenumber" name="450" href="#450">450</a>             B64.b64from24bit(altResult[21], altResult[1], altResult[11], 4, buffer);
-<a class="jxr_linenumber" name="451" href="#451">451</a>             B64.b64from24bit(altResult[12], altResult[22], altResult[2], 4, buffer);
-<a class="jxr_linenumber" name="452" href="#452">452</a>             B64.b64from24bit(altResult[3], altResult[13], altResult[23], 4, buffer);
-<a class="jxr_linenumber" name="453" href="#453">453</a>             B64.b64from24bit(altResult[24], altResult[4], altResult[14], 4, buffer);
-<a class="jxr_linenumber" name="454" href="#454">454</a>             B64.b64from24bit(altResult[15], altResult[25], altResult[5], 4, buffer);
-<a class="jxr_linenumber" name="455" href="#455">455</a>             B64.b64from24bit(altResult[6], altResult[16], altResult[26], 4, buffer);
-<a class="jxr_linenumber" name="456" href="#456">456</a>             B64.b64from24bit(altResult[27], altResult[7], altResult[17], 4, buffer);
-<a class="jxr_linenumber" name="457" href="#457">457</a>             B64.b64from24bit(altResult[18], altResult[28], altResult[8], 4, buffer);
-<a class="jxr_linenumber" name="458" href="#458">458</a>             B64.b64from24bit(altResult[9], altResult[19], altResult[29], 4, buffer);
-<a class="jxr_linenumber" name="459" href="#459">459</a>             B64.b64from24bit((byte) 0, altResult[31], altResult[30], 3, buffer);
-<a class="jxr_linenumber" name="460" href="#460">460</a>         } <strong class="jxr_keyword">else</strong> {
-<a class="jxr_linenumber" name="461" href="#461">461</a>             B64.b64from24bit(altResult[0], altResult[21], altResult[42], 4, buffer);
-<a class="jxr_linenumber" name="462" href="#462">462</a>             B64.b64from24bit(altResult[22], altResult[43], altResult[1], 4, buffer);
-<a class="jxr_linenumber" name="463" href="#463">463</a>             B64.b64from24bit(altResult[44], altResult[2], altResult[23], 4, buffer);
-<a class="jxr_linenumber" name="464" href="#464">464</a>             B64.b64from24bit(altResult[3], altResult[24], altResult[45], 4, buffer);
-<a class="jxr_linenumber" name="465" href="#465">465</a>             B64.b64from24bit(altResult[25], altResult[46], altResult[4], 4, buffer);
-<a class="jxr_linenumber" name="466" href="#466">466</a>             B64.b64from24bit(altResult[47], altResult[5], altResult[26], 4, buffer);

[... 202 lines stripped ...]


Mime
View raw message