Package org.springframework.security.crypto.argon2

Class Argon2PasswordEncoder

java.lang.Object

org.springframework.security.crypto.password.AbstractValidatingPasswordEncoder

org.springframework.security.crypto.argon2.Argon2PasswordEncoder

All Implemented Interfaces:

PasswordEncoder

public class Argon2PasswordEncoder
extends AbstractValidatingPasswordEncoder

Implementation of PasswordEncoder that uses the Argon2 hashing function. Clients can optionally supply the length of the salt to use, the length of the generated hash, a cpu cost parameter, a memory cost parameter and a parallelization parameter.

Note:

The currently implementation uses Bouncy castle which does not exploit parallelism/optimizations that password crackers will, so there is an unnecessary asymmetry between attacker and defender.

Since:

5.3

Constructor Summary

Constructors

Constructor	Description
Argon2PasswordEncoder(int saltLength, int hashLength, int parallelism, int memory, int iterations)	Constructs an Argon2 password encoder with the provided parameters.

Method Summary

Modifier and Type	Method	Description
static Argon2PasswordEncoder	defaultsForSpringSecurity_v5_2()	Deprecated. Use defaultsForSpringSecurity_v5_8() instead
static Argon2PasswordEncoder	defaultsForSpringSecurity_v5_8()	Constructs an Argon2 password encoder with a salt length of 16 bytes, a hash length of 32 bytes, parallelism of 1, memory cost of 1 << 14 and 2 iterations.
protected String	encodeNonNullPassword(String rawPassword)
protected boolean	matchesNonNull(String rawPassword, String encodedPassword)
protected boolean	upgradeEncodingNonNull(String encodedPassword)

Methods inherited from class org.springframework.security.crypto.password.AbstractValidatingPasswordEncoder

encode, matches, upgradeEncoding

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Argon2PasswordEncoder

public Argon2PasswordEncoder(int saltLength,
 int hashLength,
 int parallelism,
 int memory,
 int iterations)

Constructs an Argon2 password encoder with the provided parameters.

Parameters:

saltLength - the salt length (in bytes)

hashLength - the hash length (in bytes)

parallelism - the parallelism

memory - the memory cost

iterations - the number of iterations

Method Details

defaultsForSpringSecurity_v5_2

@Deprecated
public static Argon2PasswordEncoder defaultsForSpringSecurity_v5_2()

Deprecated.

Use defaultsForSpringSecurity_v5_8() instead

Constructs an Argon2 password encoder with a salt length of 16 bytes, a hash length of 32 bytes, parallelism of 1, memory cost of 1 << 12 and 3 iterations.

Returns:

the Argon2PasswordEncoder

Since:

5.8

defaultsForSpringSecurity_v5_8

public static Argon2PasswordEncoder defaultsForSpringSecurity_v5_8()

Constructs an Argon2 password encoder with a salt length of 16 bytes, a hash length of 32 bytes, parallelism of 1, memory cost of 1 << 14 and 2 iterations.

Returns:

the Argon2PasswordEncoder

Since:

5.8

encodeNonNullPassword

protected String encodeNonNullPassword(String rawPassword)

Specified by:

encodeNonNullPassword in class AbstractValidatingPasswordEncoder

matchesNonNull

protected boolean matchesNonNull(String rawPassword,
 String encodedPassword)

Specified by:

matchesNonNull in class AbstractValidatingPasswordEncoder

upgradeEncodingNonNull

protected boolean upgradeEncodingNonNull(String encodedPassword)

Overrides:

upgradeEncodingNonNull in class AbstractValidatingPasswordEncoder