
In my code example I generate a random byte array that I have to use as salt with my password field.

The problem occurs when there is a NUL character in my byte array. I have found a way to remove this character using strings, but for security reasons I'd like to use an array and not a string to remove these values.

Below is a snippet with my solution. In this example I remove NUL occurrences, but it could be a good choice to replace them. How can I replace them? Thanks.

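```java
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;

private static byte[] generateSalt() throws UnsupportedEncodingException, NoSuchAlgorithmException {
    final Random RANDOM = new SecureRandom();

    // 12 random bytes; any byte value, including 0x00, can occur.
    byte[] salt = new byte[12];
    RANDOM.nextBytes(salt);

    // Decode the bytes as text, strip NUL characters, then re-encode.
    String str = new String(salt, StandardCharsets.UTF_8);
    str = str.replaceAll("\u0000", ""); // String is immutable: keep the returned value
    salt = str.getBytes("UTF-8");

    return salt;
}
```
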
  • Byte arrays do not contain characters, they contain bytes. You may want to use an encoding of bytes to characters such as base64. Anyway, why would you want to remove zero bytes? And if you're trying to treat bytes as characters, why only zeros and not any unprintable character? – Erwin Bolwidt Nov 05 '19 at 23:06
  • Why not just loop over the indices of the array, and set each value using `RANDOM.nextInt(1,256)`? – kaya3 Nov 05 '19 at 23:06
  • @kaya3 I could try your solution. – Antonio Argentieri Nov 05 '19 at 23:09
  • @ErwinBolwidt I need to remove them because I have to save this value in my Postgres db and it seems to have a problem encoding this NUL value. – Antonio Argentieri Nov 05 '19 at 23:11
  • @kaya3 Eclipse tells me that `RANDOM.nextInt(int, int)` is not defined. I have tried with `nextInt()` but I have problems with my login. I do know why but with my procedure a NUL character is generated very often. – Antonio Argentieri Nov 05 '19 at 23:28
  • `RANDOM.nextInt(255) + 1` is equivalent. – kaya3 Nov 05 '19 at 23:31
  • @kaya3 Do I have to cast each value to byte? – Antonio Argentieri Nov 05 '19 at 23:53
  • Yes, of course, because you are assigning to a `byte` array. – kaya3 Nov 05 '19 at 23:54
  • I have tried it this way but it doesn't work for me. I have manually tried to assign `salt[i] = 13` and it works... but 13 isn't a random value... – Antonio Argentieri Nov 06 '19 at 00:00
  • This looks like an [xy problem](https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem) - it's better to ask the question about storing your byte array in PostgreSQL and encountering a problem with nul bytes, rather than about your workaround, as there may be better solutions. – Erwin Bolwidt Nov 06 '19 at 01:09
  • For example, you may be using the wrong datatype for the column - if you're storing bytes, you should use `bytea`, not `text`: [What is the datatype bytea and when would I use it?](https://stackoverflow.com/questions/34486931/what-is-the-datatype-bytea-and-when-would-i-use-it) – Erwin Bolwidt Nov 06 '19 at 01:16
  • @ErwinBolwidt Thanks a lot, in my code I created a byte array but then I saved it as text type. Now I use bytea and it works as expected. You have saved me! – Antonio Argentieri Nov 07 '19 at 09:20
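
The resolution reached in the comments (keep the salt as raw bytes and store it in a `bytea` column), as an added example that is not the asker's code; it also counts how often the String round trip from the question alters a salt. The table `app_user`, its columns and the `storeSalt` helper are hypothetical names.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Base64;

public class SaltStorageDemo {
    private static final SecureRandom RANDOM = new SecureRandom();

    // The salt stays a byte[]; no byte value, 0x00 included, needs filtering.
    static byte[] generateSalt() {
        byte[] salt = new byte[12];
        RANDOM.nextBytes(salt);
        return salt;
    }

    // The String round trip: malformed UTF-8 sequences decode to U+FFFD,
    // so the bytes that come back are usually not the bytes that went in.
    static boolean survivesUtf8RoundTrip(byte[] salt) {
        byte[] back = new String(salt, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8);
        return Arrays.equals(salt, back);
    }

    // Binding for a bytea column (hypothetical table and column names).
    static void storeSalt(Connection conn, long userId, byte[] salt) throws SQLException {
        String sql = "UPDATE app_user SET salt = ? WHERE id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setBytes(1, salt); // byte[] is sent as binary data, NUL bytes included
            ps.setLong(2, userId);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        int trials = 10_000, intact = 0;
        for (int i = 0; i < trials; i++) {
            if (survivesUtf8RoundTrip(generateSalt())) intact++;
        }
        System.out.printf("salts unchanged by UTF-8 round trip: %d of %d%n", intact, trials);

        // If a text column is unavoidable, Base64 is a lossless text encoding.
        byte[] salt = {0, 1, (byte) 0x80, (byte) 0xFF, 0, 42, 7, 0, 9, 10, 11, 12}; // constructed sample
        String encoded = Base64.getEncoder().encodeToString(salt);
        byte[] decoded = Base64.getDecoder().decode(encoded);
        System.out.println("base64 round trip lossless: " + Arrays.equals(salt, decoded));
    }
}
```

`storeSalt` is not called from `main` because it needs a live database connection; the rest runs offline.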
