Password4j

Password4j is a Java fluent cryptographic library specialised on password encryption with different Key derivation functions (KDFs) and Cryptographic hash functions (CHFs).

Protect passwords with methodologies recommended by OWASP with few and portable configurations, free of dependencies, running on a battle-tested implementation in pure Java. Free of charge.

Use Password4j when you need to

• Use the most modern and secure hashing cryptographic functions

• Change the configuration of the algorithm without your users having to reset their password

• Keep your application OS-independent ( e.g. you don't want to rely on JNI)

• Choose the algorithms' parameters depending on your system capabilities

• Make your application using unsecure hashing functions (like MD5 or SHA) compliant to organizational standards

What is hashing

Hashing is the process of generating a string, or hash or digest, from a given message using a function known as a Cryptographic hash function. Cryptographic hash functions have many properties:

• Deterministic: the same message processed by the same hash function must always produce the same hash

• Pre-Image Resistance: given the hash, it must be computationally impracticable to search for an input string that gives the same hash

• Second Pre-Image Resistance:given an input and its hash, it must be computationally impracticable to search for a different input string that gives the same hash

• Collision Resistance: it must be computationally impracticable to search for two different input strings that gives the same hash

Also, password hashing functions must be slow. A fast algorithm would aid brute force attacks in which a hacker will attempt to guess a password by hashing and comparing billions (or trillions) of potential passwords per second.

What algorithm to choose

This is not a security advice, but here some hints:

• Argon2: resistant to GPU/ASIC attacks, TMTO attacks and side channel attacks but may require a lot of resources.
  OWASP recommends using it with minimum configuration of 15 MiB of memory, an iteration count of 2, and 1 degree of parallelism

• scrypt: gains an arbitrary level of parallelism over bcrypt. When slow enough, can resist to GPU/ASIC attacks but it is weak to TMTO attacks.
  OWAPS recommends using it (if Argon2's adoption is not feasible) with a minimum CPU/memory cost parameter of 2 ¹⁶, a minimum block size of 8 (1024 bytes), and a parallelization parameter of 1

• bcrypt: a general better choice than PBKDF2. It suffers against GPU/ASIC attacks but it is resistant to TMTO attacks.
  OWAPS recommends using it (if scrypt's adoption is not feasible) with a work factor of 10 or more and with a password limit of 72 bytes

• PBKDF2: very weak to GPU/ ASIC attacks, due to its small consumption of memory. It is still commonly seen in enterprise web applications.
  OWASP recommends using it with a work factor of 310,000 or more and with an internal hash function of HMAC-SHA-256 in case bcrypt is not available

• MD5: never use it. Password4j still maintains this function just to make the transition to stronger algorithms easier. If your project still uses MD5 to hash passwords you have a severe security issue. Please follow this example in order to fix the problem

Upgrade now your project!

JCA compliancy

The side project Password4j-JCA extends the Java Cryptography Architecture so that you can use all the algorithms provided by Password4j. Because of the nature of the Security Providers, this library is compatible with Java 9 and up.

Give it a try!