Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Reliable implementation of PBKDF2-HMAC-SHA256 for JAVA

UPDATED 2019: Bouncycastle now support PBKDF2-HMAC-SHA256 since bouncycastle 1.60


Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?

I used to encrypt using bouncycastle but it does not provide PBKDF2WithHmacSHA256'.

I do not want to write crypto module by myself.

Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)

(here are the algorithms that bouncycastle supports) http://www.bouncycastle.org/specifications.html

like image 938
dgregory Avatar asked Mar 22 '14 17:03

dgregory


People also ask

What is PBKDF2 HMAC SHA256?

The PBKDF2-HMAC-SHA256 Password Storage Scheme provides a mechanism for encoding user passwords using the PBKDF2-HMAC-SHA256 message digest algorithm. This scheme contains an implementation for the user password syntax, with a storage scheme name of "PBKDF2-HMAC-SHA256".

What is PBKDF2 with HMAC sha1?

PBKDF2 is a widely used method to derive a key of given length based on a given password, salt and number of iterations. In this case it specifically uses HMAC with the SHA-1 hash function, which is the default as per RFC2898.

Is HMAC 256 secure?

HMAC-SHA256 is extremely safe. In the question's use, the key is large (48 characters, likely >160 bits of entropy). From a theoretical standpoint, everything checks. HMAC is demonstrably resistant (to 128-bit level) even if an adversary can obtain the MAC of chosen messages, under weak hypothesis for SHA-256 (see M.


1 Answers

Using BouncyCastle classes directly:

PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); 
like image 121
Pasi Avatar answered Sep 28 '22 10:09

Pasi