Recommended settings
In this page you will find advices on which configuration is better.
| Algorithm | Should I use it? | CPU resistant | GPU/ASIC resistant | FPGA resistant | SCA resistant | TMTO resistant |
|---|---|---|---|---|---|---|
| Message Digest | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
| PBKDF2 | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ |
| bcrypt | 🟡 | ✅ | ✅ | ❌ | ❌ | ✅ |
| scrypt | ✅ | ✅ | ✅ | 🟡 | ❌ | ❌ |
| Argon2 | ✅ | ✅ | ✅ | ✅ | ✅ (d, id) |
✅ (i, id) |
If your JVM supports it, use SHA-512 or SHA-256 if not present.
In order to check the supported algorithms by your JVM you can use AlgorithmFinder.getAllPBKDF2Variants()
AlgorithmFinder.getAllPBKDF2Variants().forEach(System.out::println);
// PBKDF2WithHmacSHA1
// PBKDF2WithHmacSHA224
// PBKDF2WithHmacSHA256
// PBKDF2WithHmacSHA384
// PBKDF2WithHmacSHA512Always use a number greater or equals than 10000.
At least 256 bytes. If your algorithm produces more bytes, use a greater or equals number (e.g. SHA-512 produces 512 bytes so length should be at least 512).
If your application requires n milliseconds in order to hash a password and you don't know how many iterations to use, you can use the SystemChecker tool.
long n = 100;
BenchmarkResult<PBKDF2Function> result = SystemChecker.benchmarkPBKDF2(n, Hmac.SHA512, 512);
int numberOfIterations = result.getPrototype().getIterations(); // 48750
long realElapsed = result.getElapsed() // 89In this example a PBKDF2 implementation that hashes a password (Shannon Entropy Index = 4.80) with SHA-512 in less than 100 milliseconds must have at most 48750 iterations. The real elapsed time for this configuration is 89 milliseconds.
Always use minor b.
Version a mis-handles characters with the 8th bit set, x was used by system administrators to mark those bad hashes and y is used for the fixed version of the algorithm. b solves issues with password with more than 255 characters.
We always recommend at least 10 rounds.
If your application requires n milliseconds in order to hash a password and you don't know how many rounds to use, you can use the SystemChecker tool.
long n = 300;
BenchmarkResult<BCryptFunction> result = SystemChecker.benchmarkBcrypt(n);
int numberOfIterations = result.getPrototype().getLogarithmicRounds(); // 12
long realElapsed = result.getElapsed() // 247In this example a bcrypt implementation that hashes a password (Shannon Entropy Index = 4.80) in less than 300 milliseconds must have at most 12 rounds. The real elapsed time for this configuration is 247 milliseconds.
Never use it. It is shipped in this library for backward-compatibility.
