pbkdf2-scala is an implementation of PBKDF2 in Scala. It is cross-compiled for Scala 2.11, 2.12, and 2.13.
For using it, you can add the following dependency in SBT.
libraryDependencies += "io.github.nremond" %% "pbkdf2-scala" % "0.7.0"
This implementation conforms to RFC 2898, and has been tested using the test vectors in Appendix B of RFC 3962. Note, however, that while those specifications use HMAC-SHA-1, this implementation defaults to HMAC-SHA-512. As a matter of fact, SHA-512 provides a longer bit length and in addition, NIST has stated that SHA-1 should be phased out due to concerns over recent cryptanalytic attacks.
Choosing the correct value for this parameter is thus a trade-off: it should be set as high as possible, to make attacks as difficult as possible, without making legitimate applications unusably slow.
Security Considerations section of RFC 3962 provides a useful example on how to consider that choice.The current default value is set to 210000, based on the OWASP Cheat Sheet Series.
You can use the raw PBKDF2 function which as the following signature:
object PBKDF2 {
def apply(password: Array[Byte],
salt: Array[Byte],
iterations: Int = 210000,
dkLength: Int = 32,
cryptoAlgo: String = "HmacSHA512"): Array[Byte]
}
Alternatively, you can use the following functions that will handle the salting for you:
object SecureHash {
def createHash(password: String,
iterations: Int = 210000,
dkLength: Int = 32,
cryptoAlgo: String = "HmacSHA512"): String
def validatePassword(password: String, hashedPassword: String): Boolean
}
validatePassword and createHash output are compatible with PassLib for the supported pseudo-random-functions (HmacSHA1
, HmacSHA256
, HmacSHA512
).
- 0.6: Scala 2.13 and 3 support
- 0.6: Scala 2.12 and 2.13 support
- 0.5:
Breaking changes in
SecureHash
to implement a version of Modular Crypt Format (MCF) compatible with PassLib. User of older version of this library can find the previous API here. Update the default security settings toHmacSHA512
. - 0.4:
Introduce the
SecureHash
class to handle the salting. - 0.3: Update the default security settings.
See the license.txt
file for the terms under which it may be used and distributed.