Crypto Offload

Offloading cryptographic function from web servers

Offloading cryptographic function from web servers


When a web server constantly uses cryptographic functions, it's a good idea to move them to another server. We gain CPU power on the customer-facing web server and can treat cryptography as a service. We will be able to scale the web and crypto servers and, most importantly, keys will be stored in a secure way.
We can use general-purpose servers or dedicated cryptographic accelerators.

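Password hash example on an Apache Tomcat server. The parameters are sent using GET. (Query strings are routinely written to access and proxy logs, so outside of a demo the credentials should travel in a POST body over TLS.)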

<%
    // Fetch the two request parameters and print whatever crypto_hash returns for them.
    // NOTE(review): the page text says these arrive via GET, so the password is part of the
    // URL and is likely to be recorded in access logs; prefer a POST body over TLS.
    String userParam = request.getParameter("username");
    String passParam = request.getParameter("password");
    out.println(crypto_hash(userParam, passParam));
%>


<%@page import="org.apache.jasper.tagplugins.jstl.core.Out"%>
<%@page import="com.sun.org.apache.bcel.internal.generic.NEW"%>
<%@page import="javax.crypto.Cipher"%>
<%@page import="java.security.*"%>
<%@page import="javax.crypto.spec.*"%>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%!


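/**
 * Computes the hex-encoded credential digest that this page prints for a
 * username/password pair.
 *
 * <p>Construction (unchanged from the published example): the MD5 digest of
 * {@code username + password + username} is encrypted with AES/ECB/PKCS5Padding
 * under a key equal to the MD5 digest of {@code username + "mySalt"}. The 16-byte
 * digest plus one block of padding gives 32 bytes of ciphertext, returned as
 * 64 lowercase hex characters.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The AES key is derived from the username and a constant in this source,
 *       so it is not a secret; the encryption step adds no protection beyond the
 *       inner MD5 digest.</li>
 *   <li>MD5 is a fast digest and "mySalt" is the same for every user, so this is
 *       not suitable for password storage. Prefer a slow, per-user-salted KDF
 *       (for example PBKDF2WithHmacSHA256 through SecretKeyFactory, or
 *       bcrypt/scrypt/Argon2) and plan a migration for any stored values.</li>
 *   <li>If a secret key is wanted as an extra factor, keep it on the crypto
 *       server or accelerator rather than deriving it from request data.</li>
 * </ul>
 *
 * @param username account name; {@code null} or empty yields {@code ""}
 * @param password password; {@code null} or empty yields {@code ""}
 * @return 64 hex characters on success, {@code ""} when an argument is missing,
 *         or {@code " "} (a single space) when the JCA provider rejects the
 *         operation; callers must treat both short values as "no digest" and
 *         never store or compare them as a valid hash
 */
public static String crypto_hash(String username, String password)
{
    if (username == null || username.isEmpty() || password == null || password.isEmpty())
    {
        return "";
    }

    // Pin the encoding: getBytes() without a charset depends on the platform
    // default, so the same credentials could hash differently on another host.
    java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    byte[] byte_to_be_hashed = (username + password + username).getBytes(utf8);
    byte[] byte_key = (username + "mySalt").getBytes(utf8);

    try
    {
        // Declared once, inside the try: getInstance throws a checked exception,
        // and the original second declaration of md5 did not compile.
        MessageDigest md5 = MessageDigest.getInstance("MD5");

        // digest() resets the instance, so it can be reused for the second input.
        byte[] byte_hash = md5.digest(byte_to_be_hashed);
        byte[] byte_hashed_key = md5.digest(byte_key);

        // NOTE(review): ECB is deterministic and the key is derivable from the
        // username; kept only to preserve the published output format.
        Cipher aes_cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        SecretKeySpec aes_key_spec = new SecretKeySpec(byte_hashed_key, "AES");
        aes_cipher.init(Cipher.ENCRYPT_MODE, aes_key_spec);
        byte[] encrypted = aes_cipher.doFinal(byte_hash);

        StringBuilder output = new StringBuilder(encrypted.length * 2);
        for (byte b : encrypted)
        {
            output.append(String.format("%02x", b));
        }
        return output.toString();
    }
    catch (GeneralSecurityException ignored)
    {
        // Intentionally not rethrown: the page keeps the original contract of
        // returning a single space when the provider cannot perform the operation.
        return " ";
    }
}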
%>