This project is dedicated to testing and validating various password hashing security implementations in Java. It showcases different algorithms and their usage, providing a practical insight into modern password security in Java applications.
- SHA256Hashing.java: Utilizes the SHA-256 algorithm for hashing passwords. It's a part of the SHA-2 family of cryptographic hash functions but is generally not recommended for password hashing due to its speed and susceptibility to brute-force attacks.
- SHA512Hashing.java: Employs the SHA-512 algorithm. While more secure than SHA-256 due to a larger hash size, it shares similar limitations for password security.
- Argon2Hashing.java: Implements the Argon2 algorithm, the winner of the Password Hashing Competition. It is designed to be resistant to GPU cracking attacks and is recommended for new applications.
- BCryptHashing.java: Uses the BCrypt algorithm, which is widely regarded for its security features, including built-in salting and adaptive hash functions.
- PBKDF2Hashing.java: Hashes passwords using the PBKDF2 (Password-Based Key Derivation Function 2) algorithm. It's a part of RSA Laboratories' PKCS series and is known for its customizability in terms of iterations.
- Java Development Kit (JDK) - Version 21 or higher.
- Maven - For managing dependencies and running the project.
- An IDE like IntelliJ IDEA, Eclipse, or VSCode for editing and running the Java files.
- Or simply run it in command line.
- Clone the repository:
git clone git@github.com:wallaceespindola/password-hashing-security-java.git
cd password-hashing-security-java
- Build the project with Maven:
mvn clean install
- Running the main examples:
java -jar ./target/password-hashing-security.jar
- This project is using Java 21, if you want to run it with a previous version, modify the pom.xml and compile to your preferred version:
<maven.compiler.source>21</maven.compiler.source>
<maven.compiler.target>21</maven.compiler.target>
- You can also run the unit tests for each algorithm on your IDE at the path 'src/test/java'.
- Wallace Espindola, Sr. Software Engineer / Java & Python Dev
- E-mail: wallace.espindola@gmail.com
- LinkedIn: https://www.linkedin.com/in/wallaceespindola/
- Website: https://wtechitsolutions.com/
- Dzone, December/2023: https://dzone.com/articles/secure-password-hashing-in-java
- This project is released under the Apache 2.0 License. See the LICENSE file for details.
- Copyright © 2024 Wallace Espindola.