Skip to content

Commit 8f6c193

Browse files
kmindikmindi
committed
changes pbkdf2 hash function to SHA-512
1 parent 732178d commit 8f6c193

3 files changed

Lines changed: 6 additions & 5 deletions

File tree

CHANGELOG.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
88
## [Unreleased]
99

1010
### Changed
11-
- Increased PBKDF2 salt size to 32 bytes (equal to SHA-256 size)
11+
- Changed PBKDF2 hash function to SHA-512
12+
- Increased PBKDF2 salt size to 64 bytes (equal to SHA-512 size)
1213
- Increased PBKDF2 iterations to 10000
1314

1415
### Fixed

src/main/java/com/cryptoexamples/java/ExampleFileEncryptionInOneMethod.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,12 +36,12 @@ public static void main(String[] args) {
3636
String password = Base64.getEncoder().encodeToString(keyGen.generateKey().getEncoded());
3737

3838
// GENERATE random salt
39-
final byte[] salt = new byte[32];
39+
final byte[] salt = new byte[64];
4040
SecureRandom random = SecureRandom.getInstanceStrong();
4141
random.nextBytes(salt);
4242

4343
// DERIVE key (from password and salt)
44-
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
44+
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
4545
// Needs unlimited strength policy files http://www.oracle.com/technetwork/java/javase/downloads
4646
KeySpec keyspec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256);
4747
SecretKey tmp = factory.generateSecret(keyspec);

src/main/java/com/cryptoexamples/java/ExampleStringEncryptionPasswordBasedInOneMethod.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,12 +44,12 @@ public static void main(String[] args) {
4444
String password = Base64.getEncoder().encodeToString(keyGen.generateKey().getEncoded());
4545

4646
// GENERATE random salt (needed for PBKDF2)
47-
final byte[] salt = new byte[32];
47+
final byte[] salt = new byte[64];
4848
SecureRandom random = SecureRandom.getInstanceStrong();
4949
random.nextBytes(salt);
5050

5151
// DERIVE key (from password and salt)
52-
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
52+
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
5353
KeySpec keyspec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256);
5454
SecretKey tmp = factory.generateSecret(keyspec);
5555
SecretKey key = new SecretKeySpec(tmp.getEncoded(), "AES");

0 commit comments

Comments
 (0)