Comments (10)
firaja
commented on May 31, 2024
2
Hi @Colerar,
thank you for your interest in the project!
I'm reviewing the paper and the implementations you provided and see if there is any industry standard.
from password4j.
firaja
commented on May 31, 2024
2
Hi @BigPanda97 the implementation is in progress.
Unfortunately I can work on it only during free time 🤕
from password4j.
firaja
commented on May 31, 2024
2
Hi @Colerar @BigPanda97,
in this branch you can find a preview version of Balloon Hashing: https://github.com/Password4j/password4j/tree/bal
This is the PR: #132
If you can test it along with the implementation you are using it would be great.
Here a quick usage guide for mono thread version (parallelism = 0)
// parameters:
// - algorithm name
// - space cost
// - time cost
// - parallelism
// - delta
BalloonHashingFunction balloonHashingFunction = BalloonHashingFunction.getInstance("SHA-256", 16, 20, 0, 4);
Hash hash = Password.hash("buildmeupbuttercup").addSalt("JqMcHqUcjinFhQKJ").with(balloonHashingFunction);
hash.getResult(); // 2ec8d833db5f88e584ab793950ecfb21657a3816edea8d9e73ea23c13ba2b740and there the M-thread version (parallelism > 0)
BalloonHashingFunction balloonHashingFunction = BalloonHashingFunction.getInstance("SHA-256", 16, 20, 7, 4);
Hash hash = Password.hash("buildmeupbuttercup").addSalt("JqMcHqUcjinFhQKJ").with(balloonHashingFunction);
hash.getResult(); // 1c271e9069cb694ba5ae9d3da1f57be4614063e014410e7c484d7b47f8291bacTODO:
- cryptographic pepper
- documentation
- more tests
- handling of borderline cases
from password4j.
BigPanda97
commented on May 31, 2024
@firaja any news? When will it get implemented?
from password4j.
BigPanda97
commented on May 31, 2024
Unfortunately I can work on it only during free time 🤕
That's absolutely okay, but nice to hear that it will get implemented. 😊
from password4j.
Colerar
commented on May 31, 2024
It looks like a new thread pool is created every time a hash is calculated. So the multi-threaded version may be slower than the non-multi-threaded version. 🤔
from password4j.
firaja
commented on May 31, 2024
@Colerar do you suggest to make the thread pool shared among all the instances of BalloonHashingFunction (in most cases it will be a singleton) with a decent number of threads (e.g. parallelism * k, with k given by the end-user)?
from password4j.
Colerar
commented on May 31, 2024
@Colerar do you suggest to make the thread pool shared among all the instances of
BalloonHashingFunction(in most cases it will be a singleton) with a decent number of threads (e.g.parallelism * k, withkgiven by the end-user)?
Yes, shared thread pool is reasonable.
from password4j.
firaja
commented on May 31, 2024
Hi @Colerar I've updated the PR with a instance-shared forever-living thread pool.
The number of threads is related to the number of available cores and not to the parallelism parameter.
from password4j.
Related Issues (20)
- needRehash function to check if password parameters are up to date HOT 4
- Library cannot be loaded on Java8 JVMs HOT 3
- Bad Shift in Bcrypt cryptRaw HOT 9
- JDK17: java.security.AccessController is deprecated HOT 2
- static block in Password class does not initialize due to NPE HOT 3
- Password4J Module Support HOT 1
- Wrong hashes when characters outside of ISO 8859-1 are used HOT 7
- There is no option to disable console printBanner. HOT 4
- stdout polluted with friendly message HOT 2
- Remove this unnecessary cast to "xxx". HOT 2
- Move assertions into separate method or use assertThrows or try-catch instead. HOT 2
- Align default values to OWASP recommended
- Remove logging functionalities HOT 2
- Add banner HOT 2
- Remove the remaining dependencies
- Argon2 not working as expected HOT 11
- Inconsistency between public and internal APIs HOT 1
- Configurable salt length HOT 8
- Please provide byte array based hashing HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from password4j.