Secure Password Validation & Storage

---

Index

• Description.
• Use Cases.
• Pre-requisites.
• Configuration.
• Packaging.
• Deployment.
• List of Services.
• Changelog.
• Additional Resources.

Description

Component used for symmetric encryption and secure hash generation (scrypt key derivation function) for secure password storage.

Back to Index ^

Use Cases

Securely Storing Credentials

Securely Validating Credentials

Back to Index ^

Pre-requisites

For this component to work properly, some pre-requisites are needed:

• Java 7 and above.
• Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
• scrypt at OS level. For mac users, use brew install scrypt.

Back to Index ^

Configuration

No configuration needed.

Back to Index ^

Packaging

In order to compile and package this component in it's JAR form, maven 3.0 or above is needed, just type the command mvn clean package where the pom.xml file is, and the password-encryption-x.x.x.jar file will be created at password-encryption/target.

Back to Index ^

Deployment

This component is deployed as a dependency for other projects.

Back to Index ^

List of Services

No services exposed as APIs.

Back to Index ^

Changelog

VERSION	DESCRIPTION
1.1.0	BUG FIXED: When encrypting a hashed password and its salt, the same IV was used which is incorrect. Another IV is generated for the SALT exclusively.
1.0.0	First version of the component.

Back to Index ^

Additional Resources

• scrypt key derivation function
• Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
• Apache Maven
• NIST Recommendation for Block 2001 Edition Cipher Modes of Operation: Methods and Techniques
• NIST Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption

Back to Index ^