JDBCHashStrategy (Vert.x Stack

Deprecated.
This strategy has been deprecated in favour of HashingStrategy. The new implementation is backend agnostic and follows a standard format that can be reused across different storages.
```
@Deprecated
public interface JDBCHashStrategy
```
Determines how the hashing is computed in the implementation You can implement this to provide a different hashing strategy to the default.

Author:

Tim Fox

Method Summary

All Methods Static Methods Instance Methods Abstract Methods Default Methods Deprecated Methods
Modifier and Type	Method and Description
`String`	`computeHash(String password, String salt, int version)` Deprecated. Compute the hashed password given the unhashed password and the salt
`static JDBCHashStrategy`	`createPBKDF2(Vertx vertx)` Deprecated. Implements a Hashing Strategy as per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet (2018-01-17).
`static JDBCHashStrategy`	`createSHA512(Vertx vertx)` Deprecated. This is the current backwards compatible hashing implementation, new applications should prefer the PBKDF2 implementation, unless the tradeoff between security and CPU usage is an option.
`String`	`generateSalt()` Deprecated. Compute a random salt.
`String`	`getHashedStoredPwd(JsonArray row)` Deprecated. Retrieve the hashed password from the result of the authentication query
`String`	`getSalt(JsonArray row)` Deprecated. Retrieve the salt from the result of the authentication query
`static boolean`	`isEqual(String hasha, String hashb)` Deprecated. Time constant string comparision to avoid timming attacks.
`void`	`setNonces(JsonArray nonces)` Deprecated. Sets a ordered list of nonces where each position corresponds to a version.

- Method Detail
  - createSHA512
```
static JDBCHashStrategy createSHA512(Vertx vertx)
```
    Deprecated.
    
    This is the current backwards compatible hashing implementation, new applications should prefer the PBKDF2 implementation, unless the tradeoff between security and CPU usage is an option.
    
    Parameters:
    
    vertx - the vert.x instance
    
    Returns:
    
    the implementation.
  - createPBKDF2
```
static JDBCHashStrategy createPBKDF2(Vertx vertx)
```
    Deprecated.
    
    Implements a Hashing Strategy as per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet (2018-01-17). New deployments should use this strategy instead of the default one (which was the previous OWASP recommendation). The work factor can be updated by using the nonces json array.
    
    Parameters:
    
    vertx - the vert.x instance
    
    Returns:
    
    the implementation.
  - generateSalt
```
String generateSalt()
```
    Deprecated.
    
    Compute a random salt.
    
    Returns:
    
    a non null salt value
  - computeHash
```
String computeHash(String password,
                   String salt,
                   int version)
```
    Deprecated.
    
    Compute the hashed password given the unhashed password and the salt
    
    Parameters:
    
    password - the unhashed password
    
    salt - the salt
    
    version - the nonce version to use
    
    Returns:
    
    the hashed password
  - getHashedStoredPwd
```
String getHashedStoredPwd(JsonArray row)
```
    Deprecated.
    
    Retrieve the hashed password from the result of the authentication query
    
    Parameters:
    
    row - the row
    
    Returns:
    
    the hashed password
  - getSalt
```
String getSalt(JsonArray row)
```
    Deprecated.
    
    Retrieve the salt from the result of the authentication query
    
    Parameters:
    
    row - the row
    
    Returns:
    
    the salt
  - setNonces
```
void setNonces(JsonArray nonces)
```
    Deprecated.
    
    Sets a ordered list of nonces where each position corresponds to a version. The nonces are supposed not to be stored in the underlying jdbc storage but to be provided as a application configuration. The idea is to add one extra variable to the hash function in order to make breaking the passwords using rainbow tables or precomputed hashes harder. Leaving the attacker only with the brute force approach. Nonces are dependent on the implementation. E.g.: for the SHA512 they are extra salt used during the hashing, for the PBKDF2 they map the number of iterations the algorithm should take
    
    Parameters:
    
    nonces - a json array.
  - isEqual
```
static boolean isEqual(String hasha,
                       String hashb)
```
    Deprecated.
    
    Time constant string comparision to avoid timming attacks.
    
    Parameters:
    
    hasha - hash a to compare
    
    hashb - hash b to compare
    
    Returns:
    
    true if equal

Interface JDBCHashStrategy

Method Summary

Method Detail

createSHA512

createPBKDF2

generateSalt

computeHash

getHashedStoredPwd

getSalt

setNonces

isEqual