A free Java implementation of RFC 2898 / PKCS#5 PBKDF2

http://rtner.de/software/PBKDF2.html

• Addressed Issue #7 Checking password is not constant time algorithm
• Addressed Issue #8 SimplePBKDF2 fails with multibyte chars

• Travis complains about unit test characters. Not publishing this version.

• Checked that SaltedDatabaseServerLoginModule continues to work with WildFly10
• See README-WildFly10.md, sample Web Application remains unchanged.
• Minor code change to "main" function: option "-i " added to specify desired (create mode) or minimal (verification mode) iteration count on the PBKDF2Engine command line. Default remains at 1000.

• Issues resolved
• Unable to resolve dependencies due to + sign in version number
• Prevented undeclared dependency in Picketbox on "org.jboss.logging", required for clean compile, from appearing in our POM.
• Checked that SaltedDatabaseServerLoginModule continues to work with WildFly9
• See README-WildFly9.md, sample Web Application remains unchanged.
• No code change.

• Added SimplePBKDF2 convenience class
• Updated SaltedDatabaseServerLoginModule to work with WildFly8
• See README-WildFly8.md for configuration instructions via provided sample Web Application PBKDF2-Sample-1.1.0.war.

• Connected to Travis CI
• 
• No non-comment code changes, not published.

• Main code unchanged
• Checking RFC 6070 values via JUnit tests now
• Converted to Gradle
• Uploaded artefacts to Maven Central
• GPG-signed tags
• JBoss SaltedDatabaseServerLoginModule removed from artefacts
• Need to get this working with WildFly 8.1 first...

• Added test program for RFC 6070 test vector #6. No code change.

• Added JBoss SaltedDatabaseServerLoginModule

• Ant build

// Salt 8 bytes SHA1PRNG, HmacSHA1, 1000 iterations, ISO-8859-1
String s = new SimplePBKDF2().deriveKeyFormatted("password");
// s === "CCD16F76AF3DE30A:1000:B53849A7E20883C77618D3AD16269F98BC4DCA19"
boolean ok = new SimplePBKDF2().verifyKeyFormatted(s, "password");

byte[] salt = new byte[8];
SecureRandom.getInstance("SHA1PRNG").nextBytes(salt);
PBKDF2Parameters p = new PBKDF2Parameters("HmacSHA256", "UTF-8", salt, 2000);
byte[] dk = new PBKDF2Engine(p).deriveKey("Hello World");
System.out.println(BinTools.bin2hex(dk));
// Result is 64-character Base64 value. Note SHA256, different from RFC 6070.

> java -jar PBKDF2-1.1.4.jar "Hello World!"
AA2C42862321D0A5:1000:296C7F0EA94D0E79D6771D74158860608E8C7F73

> java -jar PBKDF2-1.1.4.jar -i 12288 password
082EFFA9F93CE8BB:12288:C24AC4382DFF88284F1B8338C3CCD95E3221B900

> java -jar PBKDF2-1.1.4.jar -i 12288 password 082EFFA9F93CE8BB:12288:C24AC4382DFF88284F1B8338C3CCD95E3221B900
OK

> echo %ERRORLEVEL%
0

> java -jar PBKDF2-1.1.4.jar -i 12289 password 082EFFA9F93CE8BB:12288:C24AC4382DFF88284F1B8338C3CCD95E3221B900
FAIL

> java -jar PBKDF2-1.1.4.jar -i 12288 password 082EFFA9F93CE8BB:12288:C24AC4382DFF88284F1B8338C3CCD95E3221B999
FAIL

> echo %ERRORLEVEL%
1

<dependency>
    <groupId>de.rtner</groupId>
    <artifactId>PBKDF2</artifactId>
    <version>1.1.4</version>
</dependency>

'de.rtner:PBKDF2:1.1.4'

The version tag is signed with GnuPG keypair 0x6FFA6075617898B7

pub  2048R/617898B7 2014-09-24 Matthias Gaertner (2014/09) <mgaert@web.de>
     Fingerprint=E510 7F88 F901 EEAF 622A  F1DE 6FFA 6075 6178 98B7