Comments (10)
Hi @Colerar,
thank you for your interest in the project!
I'm reviewing the paper and the implementations you provided and see if there is any industry standard.
from password4j.
Hi @BigPanda97 the implementation is in progress.
Unfortunately I can work on it only during free time 🤕
from password4j.
Hi @Colerar @BigPanda97,
in this branch you can find a preview version of Balloon Hashing: https://github.com/Password4j/password4j/tree/bal
This is the PR: #132
If you can test it along with the implementation you are using it would be great.
Here a quick usage guide for mono thread version (parallelism = 0
)
// parameters:
// - algorithm name
// - space cost
// - time cost
// - parallelism
// - delta
BalloonHashingFunction balloonHashingFunction = BalloonHashingFunction.getInstance("SHA-256", 16, 20, 0, 4);
Hash hash = Password.hash("buildmeupbuttercup").addSalt("JqMcHqUcjinFhQKJ").with(balloonHashingFunction);
hash.getResult(); // 2ec8d833db5f88e584ab793950ecfb21657a3816edea8d9e73ea23c13ba2b740
and there the M-thread version (parallelism > 0
)
BalloonHashingFunction balloonHashingFunction = BalloonHashingFunction.getInstance("SHA-256", 16, 20, 7, 4);
Hash hash = Password.hash("buildmeupbuttercup").addSalt("JqMcHqUcjinFhQKJ").with(balloonHashingFunction);
hash.getResult(); // 1c271e9069cb694ba5ae9d3da1f57be4614063e014410e7c484d7b47f8291bac
TODO:
- cryptographic pepper
- documentation
- more tests
- handling of borderline cases
from password4j.
@firaja any news? When will it get implemented?
from password4j.
Unfortunately I can work on it only during free time 🤕
That's absolutely okay, but nice to hear that it will get implemented. 😊
from password4j.
It looks like a new thread pool is created every time a hash is calculated. So the multi-threaded version may be slower than the non-multi-threaded version. 🤔
from password4j.
@Colerar do you suggest to make the thread pool shared among all the instances of BalloonHashingFunction
(in most cases it will be a singleton) with a decent number of threads (e.g. parallelism * k
, with k
given by the end-user)?
from password4j.
@Colerar do you suggest to make the thread pool shared among all the instances of
BalloonHashingFunction
(in most cases it will be a singleton) with a decent number of threads (e.g.parallelism * k
, withk
given by the end-user)?
Yes, shared thread pool is reasonable.
from password4j.
Hi @Colerar I've updated the PR with a instance-shared forever-living thread pool.
The number of threads is related to the number of available cores and not to the parallelism
parameter.
from password4j.
Related Issues (20)
- needRehash function to check if password parameters are up to date HOT 4
- Library cannot be loaded on Java8 JVMs HOT 3
- Bad Shift in Bcrypt cryptRaw HOT 9
- JDK17: java.security.AccessController is deprecated HOT 2
- static block in Password class does not initialize due to NPE HOT 3
- Password4J Module Support HOT 1
- Wrong hashes when characters outside of ISO 8859-1 are used HOT 7
- There is no option to disable console printBanner. HOT 4
- stdout polluted with friendly message HOT 2
- Remove this unnecessary cast to "xxx". HOT 2
- Move assertions into separate method or use assertThrows or try-catch instead. HOT 2
- Align default values to OWASP recommended
- Remove logging functionalities HOT 2
- Add banner HOT 2
- Remove the remaining dependencies
- Argon2 not working as expected HOT 11
- Inconsistency between public and internal APIs HOT 1
- Configurable salt length HOT 8
- Please provide byte array based hashing HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from password4j.