How salting works in PeopleSoft is not covered in PeopleBooks. However, after PeopleTools 8.53 a new field was added to PSOPRDEFN to support storing salted, hashed passwords.
HashWithSalt(cleartext_string, &salt_string)
Use the HashWithSalt function to generate a hashed (or “salted”) string. The output is Base64 encoded. For example, use the HashWithSalt function to generate a password for storage in the database. Because the HashWithSalt function generates output from the clear text password and a randomly generated salt value, it provides more secure hashing than the Hash function.
When you store a hashed password generated by HashWithSalt in PSOPRDEFN.OPERPSWD, you must also store the salt string used in PSOPRDEFN.OPERPSWDSALT.
To compare a clear text input value with a hashed value, use either the VerifyOprPassword function (for hashed and stored passwords) or the VerifyHash function (for other salted strings).
Parameters
cleartext_string: Specifies the string, such as a password, to be hashed.
&salt_string: Specifies the randomly generated salt value as a string value.
If the supplied salt value is a null value, then the HashWithSalt function will generate a salt value that will be returned as the value of this variable or record field.
Returns: A String value.
Example:
The following examples demonstrate three methods for generating and storing a hashed password:
• Method 1 – Presents a loop that could process a series of passwords. In this specific case, only one salt value is generated and the loop is executed once only. Because SecureRandomGen is based on the Java security SecureRandom function, it is more efficient to call it once to return an array of required salt values than it is to call it once for each salt value required.
• Method 2 – Generates a new salt value and then generates a hashed password using this salt value. Both the hashed password and the salt value are stored together in the database.
• Method 3 – Uses the PSOPRDEFN.OPERPSWDSALT field as a salt value to generate the hashed password, which is then stored in the database. When PSOPRDEFN.OPERPSWDSALT is null, HashWithSalt generates a salt value, which in turn is stored in the PSOPRDEFN.OPERPSWDSALT field.
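/* method 1 */
Local array of string &operpwsdsalt;
Local string &resultSalt, &pswd;
Local number &i;
/* One call returns the array of salt values needed by the loop */
&operpwsdsalt = SecureRandomGen();
If (&operpwsdsalt <> Null) Then
   For &i = 1 To &operpwsdsalt.Len
      &resultSalt = &operpwsdsalt [&i];
      &pswd = HashWithSalt(&OPRPSWD, &operpwsdsalt [&i]);
      /* Store the hash and the salt that produced it together */
      PSOPRDEFN.OPERPSWD = &pswd;
      PSOPRDEFN.OPERPSWDSALT = &resultSalt;
   End-For;
End-If;

/* method 2 */
Local array of string &operpwsdsalt;
Local string &pswd;
&operpwsdsalt = SecureRandomGen();
&pswd = HashWithSalt(&OPRPSWD, &operpwsdsalt [1]);
PSOPRDEFN.OPERPSWD = &pswd;
/* Store the salt that was actually used; &resultSalt is never assigned in this method */
PSOPRDEFN.OPERPSWDSALT = &operpwsdsalt [1];

/* method 3 */
Local string &pswd;
/* If OPERPSWDSALT is null, HashWithSalt generates a salt and writes it back to the field */
&pswd = HashWithSalt(&OPRPSWD, PSOPRDEFN.OPERPSWDSALT);
PSOPRDEFN.OPERPSWD = &pswd;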
Commonly faced issues:
1. The Copy User Profiles functionality does not work correctly because the HashWithSalt PeopleCode function is not functioning in PeopleTools 8.54.09.
2. HashWithSalt returns blank.
Steps to resolve:
1. Find the Java class PSSecureRandomGen.class in a working environment.
2. Copy the class file to the problem environment, into the location PS_HOME\class\psft\pt8\pshttp
3. Restart the app server and re-test.
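The store-and-verify flow and the blank-result issue described above, modelled in Python as an added example (it is not PeopleTools code and not from the original post). The function names, the PBKDF2 stand-in hash, the iteration count and the sample rows are assumptions; the page does not state which algorithm HashWithSalt uses.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumption for this model; not a PeopleTools setting


def hash_with_salt(cleartext, salt=None):
    """Model of the contract above: returns (Base64 hash, salt).
    An empty salt is generated here and handed back to the caller."""
    if not salt:
        salt = base64.b64encode(secrets.token_bytes(16)).decode()
    # PBKDF2-HMAC-SHA256 is a stand-in; the page does not name the real algorithm.
    digest = hashlib.pbkdf2_hmac("sha256", cleartext.encode(), salt.encode(), ITERATIONS)
    return base64.b64encode(digest).decode(), salt


def store_password(row, cleartext, hasher=hash_with_salt):
    """Like method 3: reuse the row's salt if present, then write hash and salt
    together. A blank hash or salt is rejected and the row is left unchanged."""
    hashed, salt = hasher(cleartext, row.get("OPERPSWDSALT"))
    if not hashed.strip() or not salt.strip():
        raise ValueError("hasher returned a blank value; not storing it")
    row["OPERPSWD"], row["OPERPSWDSALT"] = hashed, salt
    return row


def verify_hash(cleartext, salt, hashed):
    """Recompute with the stored salt and compare in constant time."""
    candidate, _ = hash_with_salt(cleartext, salt)
    return hmac.compare_digest(candidate, hashed)


def demo():
    # Constructed sample rows: two operators choosing the same password.
    a = store_password({"OPRID": "USER_A"}, "Example#Pass1")
    b = store_password({"OPRID": "USER_B"}, "Example#Pass1")
    return {
        "hashes_differ": a["OPERPSWD"] != b["OPERPSWD"],
        "correct_password": verify_hash("Example#Pass1", a["OPERPSWDSALT"], a["OPERPSWD"]),
        "wrong_password": verify_hash("example#pass1", a["OPERPSWDSALT"], a["OPERPSWD"]),
        "wrong_salt": verify_hash("Example#Pass1", b["OPERPSWDSALT"], a["OPERPSWD"]),
    }


if __name__ == "__main__":
    print(demo())
```

Passing a hasher that returns blank values to store_password reproduces issue 2 in the model: the call raises instead of writing an empty password hash to the row.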
Thanks for reading !!
Regards,
Manoranjan