Skip to content

nremond/pbkdf2-scala

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

168 Commits

project

project

 
 

src

src

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

README.md

README.md

 
 

build.sbt

build.sbt

 
 

license.txt

license.txt

 
 

version.sbt

version.sbt

 
 

Repository files navigation

PBKDF2 Build Status

pbkdf2-scala is an implementation of PBKDF2 in Scala. It is cross-compiled for Scala 2.11, 2.12, and 2.13.

For using it, you can add the following dependency in SBT.

libraryDependencies += "io.github.nremond" %% "pbkdf2-scala" % "0.7.0"

Standards Conformance

This implementation conforms to RFC 2898, and has been tested using the test vectors in Appendix B of RFC 3962. Note, however, that while those specifications use HMAC-SHA-1, this implementation defaults to HMAC-SHA-512. As a matter of fact, SHA-512 provides a longer bit length and in addition, NIST has stated that SHA-1 should be phased out due to concerns over recent cryptanalytic attacks.

Setting the number of iterations

Choosing the correct value for this parameter is thus a trade-off: it should be set as high as possible, to make attacks as difficult as possible, without making legitimate applications unusably slow.

Security Considerations section of RFC 3962 provides a useful example on how to consider that choice.The current default value is set to 210000, based on the OWASP Cheat Sheet Series.

Using the library

You can use the raw PBKDF2 function which as the following signature:

object PBKDF2 {
  def apply(password: Array[Byte], 
            salt: Array[Byte], 
            iterations: Int = 210000, 
            dkLength: Int = 32, 
            cryptoAlgo: String = "HmacSHA512"): Array[Byte]
}

Alternatively, you can use the following functions that will handle the salting for you:

object SecureHash {
  def createHash(password: String,
                 iterations: Int = 210000,
                 dkLength: Int = 32,
                 cryptoAlgo: String = "HmacSHA512"): String

  def validatePassword(password: String, hashedPassword: String): Boolean
}

validatePassword and createHash output are compatible with PassLib for the supported pseudo-random-functions (HmacSHA1, HmacSHA256, HmacSHA512).

Release Notes

  • 0.6: Scala 2.13 and 3 support
  • 0.6: Scala 2.12 and 2.13 support
  • 0.5: Breaking changes in SecureHash to implement a version of Modular Crypt Format (MCF) compatible with PassLib. User of older version of this library can find the previous API here. Update the default security settings to HmacSHA512.
  • 0.4: Introduce the SecureHash class to handle the salting.
  • 0.3: Update the default security settings.

License

See the license.txt file for the terms under which it may be used and distributed.

About

PBKDF2 implementation in Scala

Resources

Readme

License

View license
Activity

Stars

50 stars

Watchers

9 watching

Forks

11 forks
Report repository

Releases

9 tags

Packages

No packages published

Contributors 10

Languages