Skip to content

nremond/pbkdf2-scala

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PBKDF2 Build Status

pbkdf2-scala is an implementation of PBKDF2 in Scala. It is cross-compiled for Scala 2.11, 2.12, and 2.13.

For using it, you can add the following dependency in SBT.

libraryDependencies += "io.github.nremond" %% "pbkdf2-scala" % "0.7.0"

Standards Conformance

This implementation conforms to RFC 2898, and has been tested using the test vectors in Appendix B of RFC 3962. Note, however, that while those specifications use HMAC-SHA-1, this implementation defaults to HMAC-SHA-512. As a matter of fact, SHA-512 provides a longer bit length and in addition, NIST has stated that SHA-1 should be phased out due to concerns over recent cryptanalytic attacks.

Setting the number of iterations

Choosing the correct value for this parameter is thus a trade-off: it should be set as high as possible, to make attacks as difficult as possible, without making legitimate applications unusably slow.

Security Considerations section of RFC 3962 provides a useful example on how to consider that choice.The current default value is set to 210000, based on the OWASP Cheat Sheet Series.

Using the library

You can use the raw PBKDF2 function which as the following signature:

object PBKDF2 {
  def apply(password: Array[Byte], 
            salt: Array[Byte], 
            iterations: Int = 210000, 
            dkLength: Int = 32, 
            cryptoAlgo: String = "HmacSHA512"): Array[Byte]
}

Alternatively, you can use the following functions that will handle the salting for you:

object SecureHash {
  def createHash(password: String,
                 iterations: Int = 210000,
                 dkLength: Int = 32,
                 cryptoAlgo: String = "HmacSHA512"): String

  def validatePassword(password: String, hashedPassword: String): Boolean
}

validatePassword and createHash output are compatible with PassLib for the supported pseudo-random-functions (HmacSHA1, HmacSHA256, HmacSHA512).

Release Notes

  • 0.6: Scala 2.13 and 3 support
  • 0.6: Scala 2.12 and 2.13 support
  • 0.5: Breaking changes in SecureHash to implement a version of Modular Crypt Format (MCF) compatible with PassLib. User of older version of this library can find the previous API here. Update the default security settings to HmacSHA512.
  • 0.4: Introduce the SecureHash class to handle the salting.
  • 0.3: Update the default security settings.

License

See the license.txt file for the terms under which it may be used and distributed.

About

PBKDF2 implementation in Scala

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages