Class SCryptPasswordEncoder
java.lang.Object
org.springframework.security.crypto.password.AbstractValidatingPasswordEncoder
org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
- All Implemented Interfaces:
PasswordEncoder
Implementation of PasswordEncoder that uses the SCrypt hashing function. Clients can optionally supply a cpu cost parameter, a memory cost parameter and a parallelization parameter.
A few warnings:
- The currently implementation uses Bouncy castle which does not exploit parallelism/optimizations that password crackers will, so there is an unnecessary asymmetry between attacker and defender.
- Scrypt is based on Salsa20 which performs poorly in Java (on par with AES) but performs awesome (~4-5x faster) on SIMD capable platforms
- While there are some that would disagree, consider reading - Why I Don't Recommend Scrypt (for password storage)
-
Constructor Summary
ConstructorsConstructorDescriptionSCryptPasswordEncoder(int cpuCost, int memoryCost, int parallelization, int keyLength, int saltLength) Constructs a SCrypt password encoder with the provided parameters. -
Method Summary
Modifier and TypeMethodDescriptionstatic SCryptPasswordEncoderDeprecated.static SCryptPasswordEncoderConstructs a SCrypt password encoder with cpu cost of 65,536, memory cost of 8, parallelization of 1, a key length of 32 and a salt length of 16 bytes.protected StringencodeNonNullPassword(String rawPassword) protected booleanmatchesNonNull(String rawPassword, String encodedPassword) protected booleanupgradeEncodingNonNull(String encodedPassword) Methods inherited from class org.springframework.security.crypto.password.AbstractValidatingPasswordEncoder
encode, matches, upgradeEncoding
-
Constructor Details
-
SCryptPasswordEncoder
public SCryptPasswordEncoder(int cpuCost, int memoryCost, int parallelization, int keyLength, int saltLength) Constructs a SCrypt password encoder with the provided parameters.- Parameters:
cpuCost- cpu cost of the algorithm (as defined in scrypt this is N). must be power of 2 greater than 1. Default is currently 65,536 or 2^16)memoryCost- memory cost of the algorithm (as defined in scrypt this is r) Default is currently 8.parallelization- the parallelization of the algorithm (as defined in scrypt this is p) Default is currently 1. Note that the implementation does not currently take advantage of parallelization.keyLength- key length for the algorithm (as defined in scrypt this is dkLen). The default is currently 32.saltLength- salt length (as defined in scrypt this is the length of S). The default is currently 16.
-
-
Method Details
-
defaultsForSpringSecurity_v4_1
Deprecated.UsedefaultsForSpringSecurity_v5_8()insteadConstructs a SCrypt password encoder with cpu cost of 16,384, memory cost of 8, parallelization of 1, a key length of 32 and a salt length of 64 bytes.- Returns:
- the
SCryptPasswordEncoder - Since:
- 5.8
-
defaultsForSpringSecurity_v5_8
Constructs a SCrypt password encoder with cpu cost of 65,536, memory cost of 8, parallelization of 1, a key length of 32 and a salt length of 16 bytes.- Returns:
- the
SCryptPasswordEncoder - Since:
- 5.8
-
encodeNonNullPassword
- Specified by:
encodeNonNullPasswordin classAbstractValidatingPasswordEncoder
-
matchesNonNull
- Specified by:
matchesNonNullin classAbstractValidatingPasswordEncoder
-
upgradeEncodingNonNull
- Overrides:
upgradeEncodingNonNullin classAbstractValidatingPasswordEncoder
-
defaultsForSpringSecurity_v5_8()instead