outr / scalapass   1.2.4

GitHub

Useful tools for managing storage and validation of passwords in Scala applications

scalapass

CI

Straight-forward password hashing and verification using the latest algorithms. Currently, supports:

  • Argon2(i, d, and id)
  • PBKDF2

SBT

libraryDependencies += "com.outr" %% "scalapass" % "1.2.4"

Creating a hash

import com.outr.scalapass.Argon2PasswordFactory

val factory = Argon2PasswordFactory()
// factory: Argon2PasswordFactory = Argon2PasswordFactory(
//   iterations = 50,
//   memory = 65536,
//   parallelism = 8,
//   argon2 = id,
//   saltLength = 16,
//   hashLength = 32
// )
val password: String = "your-password-in-clear-text"
// password: String = "your-password-in-clear-text"
val hashed: String = factory.hash(password)
// hashed: String = "$argon2id$v=19$m=65536,t=50,p=8$7lY9GZ2HWkqQzQTKoE4ovA$NVYuL6+sWyU+c7Y9qnhlm+B5wihFVUhQ/DCbosk5Rxc"

Now store the one-way hashed password safely in your database.

Verifying a hash

val attemptedPassword: String = "your-password-in-clear-text"
// attemptedPassword: String = "your-password-in-clear-text"
val hashedPassword: String = hashed  // From the database
// hashedPassword: String = "$argon2id$v=19$m=65536,t=50,p=8$7lY9GZ2HWkqQzQTKoE4ovA$NVYuL6+sWyU+c7Y9qnhlm+B5wihFVUhQ/DCbosk5Rxc"  // From the database
val valid: Boolean = factory.verify(attemptedPassword, hashedPassword)
// valid: Boolean = true

Will return true if the attemptedPassword is the same as the one used to create the hashedPassword