pbkdf2-scala is an implementation of PBKDF2 in Scala. It is cross-compiled for Scala 2.11, 2.12, and 2.13.
To use it, add the following dependency in SBT:

    libraryDependencies += "io.github.nremond" %% "pbkdf2-scala" % "0.7.0"
This implementation conforms to RFC 2898 and has been tested using the test vectors in Appendix B of RFC 3962. Note, however, that while those specifications use HMAC-SHA-1, this implementation defaults to HMAC-SHA-512. SHA-512 provides a longer bit length, and NIST has stated that SHA-1 should be phased out due to concerns over recent cryptanalytic attacks.
Choosing the correct value for the iteration count is a trade-off: it should be set as high as possible, to make attacks as difficult as possible, without making legitimate applications unusably slow.
The Security Considerations section of RFC 3962 provides a useful example of how to approach that choice.
The current default value is set to 20k.
You can use the raw PBKDF2 function, which has the following signature:

    object PBKDF2 {
      def apply(password: Array[Byte],
                salt: Array[Byte],
                iterations: Int = 120000,
                dkLength: Int = 32,
                cryptoAlgo: String = "HmacSHA512"): Array[Byte]
    }
Alternatively, you can use the following functions that will handle the salting for you:

    object SecureHash {
      def createHash(password: String,
                     iterations: Int = 120000,
                     dkLength: Int = 32,
                     cryptoAlgo: String = "HmacSHA512"): String
      def validatePassword(password: String, hashedPassword: String): Boolean
    }

validatePassword and createHash output are compatible with PassLib for the supported pseudo-random functions (HmacSHA1, HmacSHA256, HmacSHA512).
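To check the PassLib compatibility and the RFC 3962 conformance described above from the Python side, here is an added example (not code from pbkdf2-scala or PassLib) that builds and verifies hash strings with only the Python standard library. It assumes PassLib's `$pbkdf2-<digest>$<rounds>$<salt>$<checksum>` layout with "adapted base64" fields; the function names and the `min_rounds` policy floor are hypothetical.

```python
import base64
import hashlib
import hmac

# PassLib scheme name -> hashlib digest; bare "pbkdf2" is PassLib's HMAC-SHA-1 scheme.
DIGESTS = {"pbkdf2": "sha1", "pbkdf2-sha256": "sha256", "pbkdf2-sha512": "sha512"}

def ab64_encode(raw: bytes) -> str:
    """PassLib "adapted base64": standard alphabet, '+' written as '.', no padding."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")

def ab64_decode(text: str) -> bytes:
    padded = text.replace(".", "+") + "=" * (-len(text) % 4)
    return base64.b64decode(padded, validate=True)

def make_hash(password: str, salt: bytes, rounds: int, scheme: str, dk_len: int) -> str:
    dk = hashlib.pbkdf2_hmac(DIGESTS[scheme], password.encode("utf-8"), salt, rounds, dk_len)
    return f"${scheme}${rounds}${ab64_encode(salt)}${ab64_encode(dk)}"

def verify(password: str, mcf: str, min_rounds: int = 1) -> bool:
    """Recompute the checksum from the stored parameters; malformed input fails closed."""
    try:
        lead, scheme, rounds_s, salt_s, sum_s = mcf.split("$")
        digest = DIGESTS[scheme]
        salt, expected = ab64_decode(salt_s), ab64_decode(sum_s)
        rounds = int(rounds_s) if rounds_s.isascii() and rounds_s.isdigit() else 0
    except (ValueError, KeyError):
        return False
    if lead or not expected or rounds < max(min_rounds, 1):
        return False
    dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, rounds, len(expected))
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def rfc3962_vector() -> str:
    """RFC 3962 Appendix B, iteration count 1, 128-bit key (HMAC-SHA-1)."""
    return hashlib.pbkdf2_hmac("sha1", b"password", b"ATHENA.MIT.EDUraeburn", 1, 16).hex()

if __name__ == "__main__":
    salt = bytes(range(16))  # constructed sample salt; use os.urandom(16) in practice
    stored = make_hash("correct horse", salt, 120000, "pbkdf2-sha512", 32)
    print(stored)
    print(verify("correct horse", stored), verify("wrong", stored))
    print(verify("correct horse", stored, min_rounds=200000))  # below the policy floor
    print(rfc3962_vector())
```

Passing a string produced by `SecureHash.createHash` to `verify` is a quick interoperability check, and `min_rounds` lets a verifier flag stored hashes created with an older, lower iteration count.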
- 0.6: Scala 2.13 and 3 support
- 0.6: Scala 2.12 and 2.13 support
- 0.5: Breaking changes in SecureHash to implement a version of Modular Crypt Format (MCF) compatible with PassLib. Users of older versions of this library can find the previous API here. Update the default security settings to HmacSHA512.
- 0.4: Introduce the SecureHash class to handle the salting.
- 0.3: Update the default security settings.
See the license.txt file for the terms under which it may be used and distributed.