Add Argon2PasswordEncoder #5354
Comments
|
Any news on that? |
|
@WtfJoke Thanks for the bump. I am hesitant to add a dependency on something that uses native code as I think it will be quite challenging for us to support. Note that this is something that would be pretty easy for users to extend on their own as well. |
|
Thanks for your answer, I can understand your reasoning. So this issue is just a reminder for a future library which comes up without native code or whats the reason? |
|
BouncyCastle has ported Argon2 to native Java: https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/crypto/generators/Argon2BytesGenerator.java BouncyCastle is licensed under a MIT-like license, so this should be compatible |
|
I'm currently working on wrapping the BouncyCastle-Generator into a Spring Security-PasswordEncoder. If my employer gives me the right to publish this via a PR, I will do so soon (within the next few weeks) :) |
|
Well, this took longer than expected, but we finally managed to tackle all the organisational stuff (in future, contributions by my colleagues and me should be approved much faster) |
rwinch
added
in: crypto
Add PasswordEncoder for the Argon2 hashing algorithm (Password Hashing Competition (PHC) winner). This implementation uses the BouncyCastle-implementation of Argon2. Fixes gh-5354
Add PasswordEncoder for the Argon2 hashing algorithm (Password Hashing Competition (PHC) winner). This implementation uses the BouncyCastle-implementation of Argon2. Fixes spring-projectsgh-5354
Summary
It would be nice to have an Argon2PasswordEncoder implementation.
We looked into using https://github.com/phxql/argon2-jvm but it is LGPL v3 which is not compatible with Apache 2.0. Instead we are going to look into using https://github.com/kosprov/jargon2-api
The text was updated successfully, but these errors were encountered: