UPDATED 2019: Bouncycastle now support PBKDF2-HMAC-SHA256 since bouncycastle 1.60
Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?
I used to encrypt using bouncycastle but it does not provide PBKDF2WithHmacSHA256'.
I do not want to write crypto module by myself.
Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)
(here are the algorithms that bouncycastle supports) http://www.bouncycastle.org/specifications.html
The PBKDF2-HMAC-SHA256 Password Storage Scheme provides a mechanism for encoding user passwords using the PBKDF2-HMAC-SHA256 message digest algorithm. This scheme contains an implementation for the user password syntax, with a storage scheme name of "PBKDF2-HMAC-SHA256".
PBKDF2 is a widely used method to derive a key of given length based on a given password, salt and number of iterations. In this case it specifically uses HMAC with the SHA-1 hash function, which is the default as per RFC2898.
HMAC-SHA256 is extremely safe. In the question's use, the key is large (48 characters, likely >160 bits of entropy). From a theoretical standpoint, everything checks. HMAC is demonstrably resistant (to 128-bit level) even if an adversary can obtain the MAC of chosen messages, under weak hypothesis for SHA-256 (see M.
Using BouncyCastle classes directly:
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With