
package password


Type Members

  1. case class BCrypt(cost: Int) extends PasswordSpec with Product with Serializable

    BCrypt key derivation algorithm defined by Provos and Mazieres.

  2. sealed trait Digest extends AnyRef
  3. case class MCF(identifier: String, content: List[String]) extends Product with Serializable
  4. case class PBKDF2(rounds: Int, saltbytes: Int, size: Int, digest: Digest) extends PasswordSpec with Product with Serializable

    PBKDF #2 algorithm defined in RFC 2898 (PKCS #5 v2.0), using HMAC-SHA1 as the underlying PRF by default.

    Note: SHA256 and SHA512 can only be used with JDK 8+ or with a custom JCE provider that supports this algorithm, such as BSAFE or IAIK.

  5. sealed trait PasswordSpec extends AnyRef

    Define password algorithm and parameters.

    This library shall provide the tools required to switch between algorithms and change parameters on existing password databases.

    Unless a serious security issue occurs with one of the following, _all_ algorithms will remain available.

    There is the potential that algorithms may be _added_ in the future as required.

    For guidance consider the OWASP Password Storage Cheat Sheet. See the Password#{algorithm} methods for convenience and default parameters.

  6. case class Passwords(spec: PasswordSpec) extends Product with Serializable

    Standard interface for dealing with self-contained key-derivation functions.

    Passwords will crypt based upon the provided spec, but verify based on the arguments included in the MCF-style string. This means it is safe to simply change the spec: new passwords will meet the new security requirements whilst old passwords can still be verified. Note that an old hash keeps its original parameters until the password is next seen in plaintext (for example at login) and is re-crypted under the current spec.

  7. case class SCrypt(n: Int, r: Int, p: Int) extends PasswordSpec with Product with Serializable

    SCrypt key derivation algorithm defined by Percival in draft-josefsson-scrypt-kdf-01.
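The crypt-with-spec, verify-from-stored-parameters behaviour described under Passwords above, and the `$`-separated MCF shape of `MCF(identifier, content)`, as an added Python example (this is not webcrank code, and the library itself is Scala): a string of the form `$pbkdf2-<digest>$<rounds>$<base64 salt>$<base64 key>` is produced from a spec, verification reads every parameter back out of the string rather than from the current spec, and a `needs_rehash` check flags hashes that pre-date the current spec so they can be upgraded on the next successful login. The string layout, the `pbkdf2-<digest>` identifier and all function names are assumptions made for this example, not the library's format.

```python
import base64
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed MCF layout for this example (not the library's own format):
#   $pbkdf2-<digest>$<rounds>$<base64 salt>$<base64 derived key>


@dataclass(frozen=True)
class PBKDF2Spec:
    """Mirrors the shape of the page's PBKDF2 spec: rounds, salt size, output size, digest."""
    rounds: int
    saltbytes: int
    size: int
    digest: str  # hashlib name: "sha1", "sha256" or "sha512"


def _b64(b: bytes) -> str:
    return base64.b64encode(b).decode("ascii")


def parse_mcf(s: str) -> Tuple[str, List[str]]:
    """Split an MCF-style string into (identifier, content fields), e.g.
    "$pbkdf2-sha256$1000$AAAA$BBBB" -> ("pbkdf2-sha256", ["1000", "AAAA", "BBBB"])."""
    if not s.startswith("$"):
        raise ValueError("not an MCF string")
    parts = s.split("$")[1:]
    if len(parts) < 2 or not parts[0]:
        raise ValueError("malformed MCF string")
    return parts[0], parts[1:]


def crypt(spec: PBKDF2Spec, password: str, salt: Optional[bytes] = None) -> str:
    """Derive a key under the given spec and encode every parameter into the result."""
    salt = os.urandom(spec.saltbytes) if salt is None else salt
    dk = hashlib.pbkdf2_hmac(spec.digest, password.encode("utf-8"), salt, spec.rounds, spec.size)
    fields = [f"pbkdf2-{spec.digest}", str(spec.rounds), _b64(salt), _b64(dk)]
    return "$" + "$".join(fields)


def verify(password: str, stored: str) -> bool:
    """Verify using only the parameters carried in the stored string, never the current spec.
    Any malformed input (bad base64, unknown digest, non-numeric rounds) is a plain failure."""
    try:
        ident, fields = parse_mcf(stored)
        if not ident.startswith("pbkdf2-") or len(fields) != 3:
            return False
        digest = ident[len("pbkdf2-"):]
        rounds = int(fields[0])
        salt, expected = base64.b64decode(fields[1]), base64.b64decode(fields[2])
        actual = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, rounds, len(expected))
    except ValueError:  # binascii.Error and hashlib's unsupported-hash error are both ValueErrors
        return False
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def needs_rehash(spec: PBKDF2Spec, stored: str) -> bool:
    """True when the stored hash was produced under weaker or different parameters than spec."""
    ident, fields = parse_mcf(stored)
    if ident != f"pbkdf2-{spec.digest}" or len(fields) != 3:
        return True
    rounds = int(fields[0])
    salt_len = len(base64.b64decode(fields[1]))
    dk_len = len(base64.b64decode(fields[2]))
    return rounds < spec.rounds or salt_len != spec.saltbytes or dk_len != spec.size


def login(spec: PBKDF2Spec, password: str, stored: str) -> Tuple[bool, Optional[str]]:
    """Typical use: verify against whatever parameters are stored; if the password is correct
    and the stored hash is behind the current spec, return a replacement hash to persist."""
    if not verify(password, stored):
        return False, None
    return True, (crypt(spec, password) if needs_rehash(spec, stored) else None)
```

Raising `rounds` in the spec changes only what `crypt` produces; `verify` keeps honouring the older round count carried in each stored string, which is why the spec can be changed without a migration. The `login` helper shows the practical consequence: the upgrade happens one account at a time, only when the plaintext is available, so a database with dormant accounts keeps weak hashes until those users next sign in.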

Value Members

  1. object Callibrate
  2. object MCFString
  3. object Passwords extends Serializable

    Build passwords structure using default (overridable) algorithm parameters.

    Each algorithm has sensible defaults, but consider careful research and potentially doing computation tests on your hardware to make the most appropriate choice (read as: set as high as you can before the performance becomes crippling).

    In terms of algorithms selection there are a few factors that should be considered:

    • availability of algorithm
    • trust of underlying implementation
    • work factors of algorithm
    • validation requirements

    Availability of algorithm

    Of the provided algorithms scrypt, bcrypt and PBKDF2 with HMAC-SHA1 are always available. PBKDF2 with HMAC-SHA256 or HMAC-SHA512 are only available on JDK8 or with a custom JCE provider such as IAIK or BSAFE.

    The fact that PBKDF2 is stuck with HMAC-SHA1 by default potentially makes it less desirable.

    Trust of underlying implementation

    Trust of underlying implementations is difficult, but all implementations are open source and can be audited.

    There is some ongoing effort to complete a review of the scrypt and bcrypt implementations.

    Work factors

    Work factors of the underlying algorithm are also difficult to classify because of the number of variables involved (CPU, memory, etc.).

    Reading is possibly the only solution, but it is worth noting that scrypt was specifically designed to be more difficult to run under modern computing constraints (or lack thereof) on FPGAs and the like. Scrypt is built on top of PBKDF2 with HMAC-SHA256. The [scrypt paper](http://www.tarsnap.com/scrypt/scrypt.pdf) has some insight into this.

    In terms of choosing appropriate factors, measurement is often the best approach. As a general rule you would want to tune the algorithm so password generation takes ~100ms on the hardware that will actually run it, and re-measure when that hardware changes. There are some factors listed in the OWASP password cheat sheet, which is a pretty good source of information.

    Validation requirements

    Validation requirements are easier. You will know if you have them. Of the three, PBKDF2 is the only NIST-approved algorithm (NIST SP 800-132).

  4. object SHA1 extends Digest with Product with Serializable
  5. object SHA256 extends Digest with Product with Serializable
  6. object SHA512 extends Digest with Product with Serializable
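The ~100ms tuning rule from the "Work factors" guidance above, as an added Python example (not part of webcrank and not its Callibrate object, whose interface this page does not show): the search doubles the PBKDF2 round count until a single derivation costs at least the target, then scales back linearly, which is valid because PBKDF2 cost is linear in rounds. The timing function is injectable so the search itself can be exercised with a deterministic cost model; the `start` and `floor` values and the function names are this example's own assumptions.

```python
import hashlib
import os
import time
from typing import Callable, Tuple


def pbkdf2_ms(rounds: int, digest: str = "sha256") -> float:
    """Wall-clock milliseconds for one PBKDF2-HMAC derivation at the given round count."""
    salt = os.urandom(16)  # constructed throwaway input; only the timing matters
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(digest, b"calibration-password", salt, rounds, 32)
    return (time.perf_counter() - start) * 1000.0


def calibrate_rounds(target_ms: float,
                     time_fn: Callable[[int], float] = pbkdf2_ms,
                     start: int = 1000,
                     floor: int = 1000) -> int:
    """Pick a PBKDF2 round count costing about target_ms per derivation on this machine.

    Doubles the round count until one derivation takes at least target_ms, then scales
    back linearly (PBKDF2 cost is linear in rounds). The result is never below floor, so
    a mis-measurement on a fast box cannot silently select a trivial count. start and
    floor are this example's assumptions, not recommendations for any particular host.
    """
    if target_ms <= 0:
        raise ValueError("target_ms must be positive")
    rounds = start
    while True:
        elapsed = time_fn(rounds)
        if elapsed >= target_ms:
            break
        rounds *= 2
    scaled = int(rounds * target_ms / elapsed)
    return max(scaled, floor)


def calibrate_and_check(target_ms: float, digest: str = "sha256",
                        samples: int = 3) -> Tuple[int, float]:
    """Calibrate, then re-time the chosen count a few times and report the median cost,
    so the caller can see whether the single-shot search landed near the target."""
    rounds = calibrate_rounds(target_ms, lambda r: pbkdf2_ms(r, digest))
    timings = sorted(pbkdf2_ms(rounds, digest) for _ in range(samples))
    return rounds, timings[len(timings) // 2]


if __name__ == "__main__":
    for d in ("sha1", "sha256", "sha512"):
        r, ms = calibrate_and_check(100.0, d)
        print(f"pbkdf2-{d}: {r} rounds, median {ms:.1f} ms")
```

Run this on the machine class that will serve logins, not on a developer laptop, and repeat it after hardware or JDK changes, since the verify path pays the same cost. The doubling search carries over to scrypt's `n` (and bcrypt's `cost`, which is already logarithmic), but the final linear scaling step does not: scrypt's cost is dominated by memory, so for it keep the largest measured `n` under the target rather than interpolating.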
