Menu
Is there PBKDF2 implementation for Android. I am trying to derive a key using PBKDF2 function. I couldn't find an example to do so.
757
PBKDF2 (Password Based Key Derivation Function 2) is typically used for deriving a cryptographic key from a password. It may also be used for key storage, but an alternate key storage KDF such as Scrypt is generally considered a better solution.
It is based on iteratively deriving HMAC many times with some padding. The PBKDF2 algorithm is described in the Internet standard RFC 2898 (PKCS #5). Technically, the input data for PBKDF2 consists of: password – array of bytes / string, e.g. "p@$Sw0rD~3" (8-10 chars minimal length is recommended)
PBKDF2 is recommended by NIST and has FIPS-140 validated implementations. So, it should be the preferred algorithm when these are required. PBKDF2 requires that you select an internal hashing algorithm such as an HMAC or a variety of other hashing algorithms. HMAC-SHA-256 is widely supported and is recommended by NIST.
PBKDF2 is a password-based key derivation function: starting from a password, the algorithm generates a key of fixed length. PBKDF2 can be described as a chain of several instances of a pseudorandom function.
Late to the party, but a lot of Android devices DO include PBKDF2 with the standard SecretKeyFactory. However, a lot of people recommend using something like Spongycastle to guarantee that you'll have that algorithm available.
It does throw an exception if it can't find one
SecretKeyFactory keyFactory = null;
try
{
keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
}
catch (NoSuchAlgorithmException e)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
