From 22b326de80a8fafaac8ebc44c52d2931a2c799e1 Mon Sep 17 00:00:00 2001
From: Robert von Burg <eitch@eitchnet.ch>
Date: Mon, 22 May 2017 14:43:02 +0200
Subject: [PATCH] [Minor] PasswordCreator can generate random salt

---
 .../privilege/helper/PasswordCreator.java        | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/helper/PasswordCreator.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/helper/PasswordCreator.java
index d8847454d..856fa1017 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/helper/PasswordCreator.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/helper/PasswordCreator.java
@@ -102,12 +102,6 @@ public class PasswordCreator {
 			}
 		}
 
-		System.out.print("Password: ");
-		char[] password = r.readLine().trim().toCharArray();
-		System.out.print("Salt: ");
-		String saltS = StringHelper.getHexString(r.readLine().trim().getBytes());
-		byte[] salt = StringHelper.fromHexString(saltS);
-
 		Map<String, String> parameterMap = new HashMap<>();
 		parameterMap.put(XmlConstants.XML_PARAM_HASH_ALGORITHM, hashAlgorithm);
 		parameterMap.put(XmlConstants.XML_PARAM_HASH_ITERATIONS, "" + iterations);
@@ -116,6 +110,16 @@ public class PasswordCreator {
 		DefaultEncryptionHandler encryptionHandler = new DefaultEncryptionHandler();
 		encryptionHandler.initialize(parameterMap);
 
+		System.out.print("Password: ");
+		char[] password = r.readLine().trim().toCharArray();
+		System.out.print("Salt [random]: ");
+		String saltTemp = r.readLine().trim();
+		if (saltTemp.isEmpty()) {
+			saltTemp = encryptionHandler.nextToken();
+		}
+		String saltS = StringHelper.getHexString(saltTemp.getBytes());
+		byte[] salt = StringHelper.fromHexString(saltS);
+
 		byte[] passwordHash = encryptionHandler.hashPassword(password, salt);
 		String passwordHashS = StringHelper.getHexString(passwordHash);
 		System.out.println("Hash is: " + passwordHashS);