keyLength must be larger than 0") } prf := hmac.New(h, []byte(password)) hmac.MarkAsUsedInKDF(prf) hashLen := prf.Size() numBlocks := divRoundUp(keyLength, hashLen) const maxBlocks = int64(1<<32 - 1) if keyLength+hashLen < keyLength || int64(numBlocks) > maxBlocks { return nil, errors.New("pbkdf2: keyLength too long") } var buf [4]byte dk := make([]byte, 0, numBlocks*hashLen) U := make([]byte, hashLen) for block := 1; block <= numBlocks; block++ { // N.B.: || means concatenation, ^ means XOR // for...

    super(Platform.newHashMapWithExpectedSize(multimap.keySet().size()));
    putAll(multimap);
  }

  /**
   * {@inheritDoc}
   *
   * <p>Creates an empty {@code HashSet} for a collection of values for one key.
   *
   * @return a new {@code HashSet} containing a collection of values for one key
   */
  @Override
  Set<V> createCollection() {
    return Platform.newHashSetWithExpectedSize(expectedValuesPerKey);
  }

    super(Platform.newHashMapWithExpectedSize(multimap.keySet().size()));
    putAll(multimap);
  }

  /**
   * {@inheritDoc}
   *
   * <p>Creates an empty {@code HashSet} for a collection of values for one key.
   *
   * @return a new {@code HashSet} containing a collection of values for one key
   */
  @Override
  Set<V> createCollection() {
    return Platform.newHashSetWithExpectedSize(expectedValuesPerKey);
  }

Der Dieb kann also nicht versuchen, die gleichen Passwörter in einem anderen System zu verwenden (da viele Benutzer überall das gleiche Passwort verwenden, wäre dies gefährlich).

## `pwdlib` installieren { #install-pwdlib }

pwdlib ist ein großartiges Python-Package, um Passwort-Hashes zu handhaben.

  }

  static HashCode randomHash(HashFunction hashFunction, Random random, int numActions) {
    Hasher hasher = hashFunction.newHasher();
    for (int i = 0; i < numActions; i++) {
      RandomHasherAction.pickAtRandom(random).performAction(random, ImmutableSet.of(hasher));
    }
    return hasher.hash();
  }

  private static void assertShortcutsAreEquivalent(HashFunction hashFunction, int trials) {

If your database is stolen, the thief won't have your users' plaintext passwords, only the hashes.

So, the thief won't be able to try to use that password in another system (as many users use the same password everywhere, this would be dangerous).

## Install `pwdlib` { #install-pwdlib }

pwdlib is a great Python package to handle password hashes.

It supports many secure hashing algorithms and utilities to work with them.

    hasher.putShort((short) 0x0201);
    hasher.assertBytes(new byte[] {1, 2});
  }

  public void testInt() {
    TestHasher hasher = new TestHasher();
    hasher.putInt(0x04030201);
    hasher.assertBytes(new byte[] {1, 2, 3, 4});
  }

  public void testLong() {
    TestHasher hasher = new TestHasher();
    hasher.putLong(0x0807060504030201L);
    hasher.assertBytes(new byte[] {1, 2, 3, 4, 5, 6, 7, 8});

 */
@NullUnmarked
public class HashingOutputStreamTest extends TestCase {
  private Hasher hasher;
  private HashFunction hashFunction;
  private final ByteArrayOutputStream buffer = new ByteArrayOutputStream();

  @SuppressWarnings("DoNotMock")
  @Override
  protected void setUp() throws Exception {
    super.setUp();
    hasher = mock(Hasher.class);
    hashFunction = mock(HashFunction.class);

    assertThrows(IllegalStateException.class, () -> hasher.putInt(42));
  }

  public void testHashTwice() {
    Hasher hasher = sha512().newHasher();

    assertThat(
            hasher
                .putString("The quick brown fox jumps over the lazy dog", UTF_8)
                .hash()
                .toString())

    assertThat(map.values().toString()).isEqualTo("[" + JOINER.join(map.values()) + "]");

    assertEquals(new HashSet<>(map.entrySet()), map.entrySet());
    assertEquals(new HashSet<>(map.keySet()), map.keySet());
  }