Password4j is a Java fluent cryptographic library for hashing and checking passwords with different
Key derivation functions (KDFs) and Cryptographic hash functions (CHFs).
You can hash passwords with
Use Password4j when you need to
Use the most modern and secure hashing cryptographic functions
Change the configuration of the algorithm without your users having to reset their password
Keep your application OS-independent ( e.g. you don't want to rely on JNI)
Choose the algorithms' parameters depending on your system capabilities
Make your application using unsecure hashing functions (like MD5 or SHA) compliant to organizational standards
Wait...what is hashing?
Hashing is the process of generating a string, or hash or digest, from a given message using a function known as a Cryptographic hash function. Cryptographic hash functions have many properties:
Also, though, password hashing functions must be slow. A fast algorithm would aid brute force attacks in which a hacker will attempt to guess a password by hashing and comparing billions (or trillions) of potential passwords per second.
Deterministic: the same message processed by the same hash function must always produce the same hash
Pre-Image Resistance: given the hash, it must be computationally impracticable to search for an input string that gives the same hash
Second Pre-Image Resistance:given an input and its hash, it must be computationally impracticable to search for a different input string that gives the same hash
Collision Resistance: it must be computationally impracticable to search for two different input strings that gives the same hash
What algorithm should I use?
This is not a security advice, but here some hints:
Argon2: resistant to GPU/ASIC attacks, TMTO attacks and side channel attacks but may require a lot of resources.
OWASP recommends using it with minimum configuration of 15 MiB of memory, an iteration count of 2, and 1 degree of parallelism
scrypt: gains an arbitrary level of parallelism over bcrypt. When slow enough, can resist to GPU/ASIC attacks but it is weak to TMTO attacks.
OWAPS recommends using it (if Argon2's adoption is not feasible) with a minimum CPU/memory cost parameter of (2^16), a minimum block size of 8 (1024 bytes), and a parallelization parameter of 1
bcrypt: a general better choice than PBKDF2. It suffers against GPU/ASIC attacks but it is resistant to TMTO attacks.
OWAPS recommends using it (if scrypt's adoption is not feasible) with a work factor of 10 or more and with a password limit of 72 bytes
PBKDF2: very weak to GPU/ ASIC attacks, due to its small consumption of memory. It is still commonly seen in enterprise web applications.
OWASP recommends using it with a work factor of 310,000 or more and with an internal hash function of HMAC-SHA-256 in case bcrypt is not available
MD5: never use it. Password4j still maintains this function just to make the transition to stronger algorithms easier. If your project still uses MD5
to hash passwords you have a severe security issue. Please follow this example in order to fix the problem.
Upgrade now your project!
Is it JCA compliant?
Yes! The side project Password4j-JCA extends the Java Cryptography Architecture so that you can use all the
algorithms provided by Password4j. Because of the nature of the Security Providers, this library is compatible with Java 9 and up.
Give it a try!