Java Cryptography Architecture: Secure Password Hashing
What you'll learn
- Integrate file hashing into Java applications and Android apps
- Integrate secure password hashing into Java applications and Android apps
Requirements
- You should be a Java developer and have an IDE ready, preferably – but not necessarily – Eclipse.
Description
In this course, you will learn how to integrate document hashing and secure password hashing into Java applications using the Java Cryptography Architecture (JCA / JCE) APIs. This applies to Web applications and Java-based Desktop applications (e.g., JavaFX, Swing, AWT, SWT, RCP), but also to database and backend applications as well as Android apps.
Get practical security background information from an IT security expert. Learn how to encode hashes in-memory and stream-based. Learn how to use salt and iteration count properly for secure password hashing following PBKDF2 from the security standard PKCS#5. This is still one of the most used secure hashing standards today.
You should be an experienced Java developer to take this course. We will do hands-on coding examples that can be directly used within your own (enterprise) applications!
We are using an older version of Eclipse in this course; however, the course’s content is still up to date. This is because PBKDF2 can be adapted to current computing power by simply increasing the ‘famous’ iteration count (as used in various applications like VeraCrypt).
Content:
- Setup: Download and import all necessary libraries
- Simple Hashing Example
- Real-world Hashing Example
- Efficient stream-based Hashing
- Message Authentication Code (MAC)
- Secure Password Hashing with PBKDF2 / PKCS#5
- Commercial Wrapper Libraries: Demo
- JCE Unlimited Strength Policy File Installation (applies only for older JREs)
Who this course is for:
- You should be an experienced Java developer before taking this course. For hashing, you only need a basic understanding. Details of secure hashing, practical background information and hands-on tips will be provided in the course.
Instructor
Frank Hissen successfully studied Computer Science at Darmstadt University of Technology (Germany), focusing on IT security. For over 20 years, he has worked as an IT consultant and software engineer; for over 15 years, he has also worked in various positions as a security expert in IT development and consulting projects. He has mainly worked for large businesses but also for medium-sized companies.
He develops software and system architectures for complex systems and implements them or supervises the implementation. Moreover, he creates studies and function specifications.
In the area of IT security, Mr. Hissen specializes in applied and technical IT security. For major as well as smaller companies, he has developed and implemented security solutions and accompanied processes for secure product and software development.
In the area of cryptography and encryption, Mr. Hissen developed security solutions as Senior Solution Engineer at SECUDE before he became self-employed in 2009. Since then, he has worked as a freelance expert in the area of web and cloud application security. He creates secure conceptual designs of system architectures but also takes care of their secure implementation and corresponding security requirements. Another focus is the technical examination and validation of the actual implementation.
To date, Mr. Hissen has worked on various projects for, among others, Deutsche Telekom AG, SECUDE, Allianz AG, ITO Darmstadt UT and SAP Research.