Think of password encryption in Java programming and the word “BCrypt” springs to mind. There are such several excellent articles and tutorials written on the subject, that one need only examine those at leisure to incorporate the techniques illustrated with ease. I find that the resources available here and here ought to be worth the time for anyone keen on understanding how password encryption can be used and programmed in Java language.
However, it was not until when I came upon this did I really began to appreciate the value of digging deeper into the world of password encryption algorithms and techniques in Java. Interestingly, a comment that appears here set me off on a search to Argon2 password hashing.
I came upon this excellent resource which uses Jargon2 - an API to assist in implementation of Argon2 password hashing in Java.
To test whether I was on the right track to use this library, I followed the instructions. The salient features were the inclusion of the following in pom.xml of Java project that I created anew in Eclipse IDE. Before adding the following section to the pom.xml, I converted the Java Project to a Maven Project.
<dependency> <groupId>com.kosprov.jargon2</groupId> <artifactId>jargon2-api</artifactId> <version>1.1.1</version> </dependency> <dependency> <groupId>com.kosprov.jargon2</groupId> <artifactId>jargon2-native-ri-backend</artifactId> <version>1.1.1</version> <scope>runtime</scope> </dependency>
The actual code was straightforward copy of the simple example provided and is reproduced below:
import static com.kosprov.jargon2.api.Jargon2.*; public class Jargon2EncodedHashExample { public static void main(String[] args) { byte[] password = "this is a password".getBytes(); // Configure the hasher Hasher hasher = jargon2Hasher() .type(Type.ARGON2d) // Data-dependent hashing .memoryCost(65536) // 64MB memory cost .timeCost(3) // 3 passes through memory .parallelism(4) // use 4 lanes and 4 threads .saltLength(16) // 16 random bytes salt .hashLength(16); // 16 bytes output hash // Set the password and calculate the encoded hash String encodedHash = hasher.password(password).encodedHash(); System.out.printf("Hash: %s%n", encodedHash); // Just get a hold on the verifier. No special configuration needed Verifier verifier = jargon2Verifier(); // Set the encoded hash, the password and verify boolean matches = verifier.hash(encodedHash).password(password).verifyEncoded(); System.out.printf("Matches: %s%n", matches); } }
To make this program run on a standalone basis with all dependencies bundled into it, all I did was to add the following fragment to the pom.xml:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
<archive>
<manifest>
<mainClass>com.test.argon2.Jargon2EncodedHashExample</mainClass>
</manifest>
</archive>
</configuration>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
The author presents lucid examples on how to use the Jargon2 library. For anyone keen on extending password encryption to another level, this should be an interesting find.
