}

  public void testKnownLongInputs() {
    assertHash(1669671676, murmur3_32().hashLong(0L));
    assertHash(-846261623, murmur3_32().hashLong(-42L));
    assertHash(1871679806, murmur3_32().hashLong(42L));
    assertHash(1366273829, murmur3_32().hashLong(Long.MIN_VALUE));
    assertHash(-2106506049, murmur3_32().hashLong(Long.MAX_VALUE));
  }

  public void testKnownStringInputs() {

      addressAsLong = ByteBuffer.wrap(ip6.getAddress(), 0, 8).getLong();
    }

    // Many strategies for hashing are possible. This might suffice for now.
    int coercedHash = Hashing.murmur3_32_fixed().hashLong(addressAsLong).asInt();

    // Squash into 224/4 Multicast and 240/4 Reserved space (i.e. 224/3).
    coercedHash |= 0xe0000000;

      addressAsLong = ByteBuffer.wrap(ip6.getAddress(), 0, 8).getLong();
    }

    // Many strategies for hashing are possible. This might suffice for now.
    int coercedHash = Hashing.murmur3_32_fixed().hashLong(addressAsLong).asInt();

    // Squash into 224/4 Multicast and 240/4 Reserved space (i.e. 224/3).
    coercedHash |= 0xe0000000;

 *
 * @author Kevin Bourrillion
 * @author Jesse Wilson
 * @author Austin Appleby
 */
@GwtCompatible
@ElementTypesAreNonnullByDefault
final class Hashing {
  private Hashing() {}

  /*
   * These should be ints, but we need to use longs to force GWT to do the multiplications with
   * enough precision.
   */
  private static final long C1 = 0xcc9e2d51;

 *
 * @author Kevin Bourrillion
 * @author Jesse Wilson
 * @author Austin Appleby
 */
@GwtCompatible
@ElementTypesAreNonnullByDefault
final class Hashing {
  private Hashing() {}

  /*
   * These should be ints, but we need to use longs to force GWT to do the multiplications with
   * enough precision.
   */
  private static final long C1 = 0xcc9e2d51;

    byte result = 0x01;
    // Trick the JVM to prevent it from using the hash function non-polymorphically
    result ^= Hashing.crc32().hashInt(reps).asBytes()[0];
    result ^= Hashing.adler32().hashInt(reps).asBytes()[0];
    result ^= Hashing.fingerprint2011().hashInt(reps).asBytes()[0];
    for (int i = 0; i < reps; i++) {
      result ^= hashFunction.hashBytes(testBytes).asBytes()[0];
    }

    byte result = 0x01;
    // Trick the JVM to prevent it from using the hash function non-polymorphically
    result ^= Hashing.crc32().hashInt(reps).asBytes()[0];
    result ^= Hashing.adler32().hashInt(reps).asBytes()[0];
    result ^= Hashing.fingerprint2011().hashInt(reps).asBytes()[0];
    for (int i = 0; i < reps; i++) {
      result ^= hashFunction.hashBytes(testBytes).asBytes()[0];
    }

  }

  public void testHash_hashesCorrectly() throws Exception {
    byte[] buf = new byte[] {'y', 'a', 'm', 's'};
    HashCode expectedHash = Hashing.md5().hashBytes(buf);
    HashingOutputStream out = new HashingOutputStream(Hashing.md5(), buffer);

    out.write(buf);

    assertEquals(expectedHash, out.hash());
  }

  public void testChecksForNull() throws Exception {

# OAuth2 mit Password (und Hashing), Bearer mit JWT-Tokens

Da wir nun über den gesamten Sicherheitsablauf verfügen, machen wir die Anwendung tatsächlich sicher, indem wir <abbr title="JSON Web Tokens">JWT</abbr>-Tokens und sicheres Passwort-Hashing verwenden.

Diesen Code können Sie tatsächlich in Ihrer Anwendung verwenden, die Passwort-Hashes in Ihrer Datenbank speichern, usw.

Wir bauen auf dem vorherigen Kapitel auf.

## Über JWT

///

## Password hashing

"Hashing" means converting some content (a password in this case) into a sequence of bytes (just a string) that looks like gibberish.

Whenever you pass exactly the same content (exactly the same password) you get exactly the same gibberish.

But you cannot convert from the gibberish back to the password.

### Why use password hashing