Lazy Diary @ Hatena Blog

PowerShell / Java / miscellaneous things about software development, Tips & Gochas. CC BY-SA 4.0/Apache License 2.0

Merits and demerits of password hashing methods with the Java SE / Spring Security API

| # | Method | PBKDF2 | bcrypt | scrypt | Argon2 |
|---|---|---|---|---|---|
| 1 | Implementation | SecretKeyFactory(PBKDF2WithHmacSHA256) | BCryptPasswordEncoder | SCryptPasswordEncoder | Argon2PasswordEncoder |
| 2 | Prerequisites | JDK 8 or later | Spring Security*1 | Spring Security + Bouncy Castle*2 | Spring Security + Bouncy Castle*3 |
| 3 | Result type | byte[] | String | String | String |
| 4 | Result content | hash value | Modular Crypt Format*4 | Original*5 | ? |
  • PBKDF2 with PBKDF2WithHmacSHA256 is the most portable and FIPS 140-2 compliant way*6*7 to hash passwords. Note that the JDK API only returns the raw derived key, so the salt and iteration count must be stored alongside it by the caller.
  • bcrypt is an easy way (it requires no additional libraries) to get a stronger hashing method when you already use Spring Security, with due consideration of the 72-byte length limitation*8. The output is compliant with Modular Crypt Format, but I didn't test compatibility with crypt(5) or PassLib.
  • You can use scrypt or Argon2 if you can use both Spring Security and Bouncy Castle.

Note: the Java EE 8 specification has the interface javax.security.enterprise.identitystore.Pbkdf2PasswordHash to generate a hash with PBKDF2*9. I don't have an environment to evaluate the implementation (Eclipse Soteria), so I omitted it from the list.
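As an added example for the bcrypt, scrypt and Argon2 rows of the comparison above (not code from the original post), the class below encodes and verifies a password with each Spring Security encoder and enforces the 72-byte bcrypt limit before encoding, so an over-long password is rejected loudly instead of being silently truncated. It assumes spring-security-crypto is on the classpath (plus Bouncy Castle for scrypt and Argon2, as the table states); the cost parameters, the helper name and the class name are assumptions for this example.

```java
import java.nio.charset.StandardCharsets;
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;

/** Example (not from the original post): Spring Security encoders side by side. */
public final class SpringPasswordEncoderDemo {
    /** bcrypt only processes the first 72 bytes of the UTF-8 password. */
    static final int BCRYPT_MAX_BYTES = 72;

    /** Guard helper (assumed name): refuse passwords bcrypt would truncate. */
    static String encodeWithBcrypt(PasswordEncoder bcrypt, String rawPassword) {
        int length = rawPassword.getBytes(StandardCharsets.UTF_8).length;
        if (length > BCRYPT_MAX_BYTES) {
            throw new IllegalArgumentException(
                "password is " + length + " bytes; bcrypt only uses the first " + BCRYPT_MAX_BYTES);
        }
        return bcrypt.encode(rawPassword);
    }

    static void demo(String label, PasswordEncoder encoder, String rawPassword) {
        String encoded = encoder.encode(rawPassword);   // salt is generated and embedded by the encoder
        System.out.println(label + ": " + encoded);
        System.out.println("  matches same:  " + encoder.matches(rawPassword, encoded));   // true
        System.out.println("  matches other: " + encoder.matches("other", encoded));       // false
    }

    public static void main(String[] args) {
        String password = "correct horse battery staple";   // constructed sample input

        // Cost parameters are assumptions for this example; size them to your hardware.
        PasswordEncoder bcrypt = new BCryptPasswordEncoder(12);                   // log2 rounds
        PasswordEncoder scrypt = new SCryptPasswordEncoder(65536, 8, 1, 32, 16);  // N, r, p, keyLen, saltLen
        PasswordEncoder argon2 = new Argon2PasswordEncoder(16, 32, 1, 65536, 3);  // saltLen, hashLen, parallelism, memory (KB), iterations

        demo("bcrypt", bcrypt, password);
        demo("scrypt", scrypt, password);
        demo("argon2", argon2, password);

        // The 72-byte limit: a long passphrase is rejected by the guard instead of being truncated.
        String longPassword = "x".repeat(73);
        try {
            encodeWithBcrypt(bcrypt, longPassword);
        } catch (IllegalArgumentException e) {
            System.out.println("bcrypt guard: " + e.getMessage());
        }
        // Multi-byte characters count toward the limit in bytes, not characters.
        System.out.println("bytes in 30 x 'あ': " + "あ".repeat(30).getBytes(StandardCharsets.UTF_8).length);   // 90
    }
}
```

Each encoder's encode() output is a self-describing String containing its parameters and salt, which is why matches() needs no extra arguments; the guard is only needed for bcrypt, since scrypt and Argon2 have no comparable input-length ceiling.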