Secure Password Validation & Storage
Index
- Description.
- Use Cases.
- Pre-requisites.
- Configuration.
- Packaging.
- Deployment.
- List of Services.
- Changelog.
- Additional Resources.
Description
Component used for symmetric encryption and secure hash generation (scrypt key derivation function) for secure password storage.
Use Cases
Securely Storing Credentials
Securely Validating Credentials
Pre-requisites
For this component to work properly, some pre-requisites are needed:
- Java 7 and above.
- Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
scrypt
at OS level. For mac users, usebrew install scrypt
.
Configuration
No configuration needed.
Packaging
In order to compile and package this component in it's JAR form, maven 3.0 or above is needed, just type the command mvn clean package
where the pom.xml
file is, and the password-encryption-x.x.x.jar
file will be created at password-encryption/target
.
Deployment
This component is deployed as a dependency for other projects.
List of Services
No services exposed as APIs.
Changelog
VERSION | DESCRIPTION |
---|---|
1.1.0 | BUG FIXED: When encrypting a hashed password and its salt, the same IV was used which is incorrect. Another IV is generated for the SALT exclusively. |
1.0.0 | First version of the component. |
Additional Resources
- scrypt key derivation function
- Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
- Apache Maven
- NIST Recommendation for Block 2001 Edition Cipher Modes of Operation: Methods and Techniques
- NIST Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption