Skip to content

Properties

Jump to bottom
David Bertoldi edited this page Mar 8, 2024 · 5 revisions

For increasing portability, you can define some properties in the psw4j.properties file, so you don't have to recompile your code if you want to change some options.

Declaring psw4j.properties path

The properties file should always be located in your resources folder and named psw4j.properties. If this is not an option for your project, you can define a custom path with the system property -Dpsw4j.configuration=path/to/my/file.properties

e.g.

java -Dpsw4j.configuration=path/to/my/file.properties myApp.jar

Properties

Globals

global.random.strong (boolean)

It defines if Password4j should use SecureRandom instantiated with SecureRandom.getInstanceStrong() to generate salts, peppers and any object which requires a source of randomness.

Make sure that your JVM supports it and it points to a non-blocking source of entropy, otherwise you may experience huge performance drops.

You can use the source with

Random random = AlgorithmFinder.getSecureRandom();

If omitted, the default value is false

global.pepper (String)

It defines the cryptographic pepper, that should be never be stored in the database (or not in the same hashes' database at least).

This property is used any time you use .addPepper() when hashing or checking and .addNewPepper() when updating the hash.

Additionally you can read this value with

String pepper = PepperGenerator.get();

If omitted, the default value is null.

global.banner (boolean)

Prints the application banner in System.out when Password class is loaded. If set to false the banner is not displayed

If omitted, the default value is false.

Message Digest

This set of properties is used when using a MessageDigestFunction (.withMessageDigest()) or AlgorithmFinder.getMessageDigestInstance()

hash.md.algorithm (String)

Defines the message digest algorithm supported by your JVM.

If omitted, the default value is SHA512

hash.md.salt.option (String)

Choose between append or prepend to define how the pepper should be concatenated with the plain text password.

If omitted, the default value is append

PBKDF2

This set of properties is used when using a PBKDF2Function (.withPBKDF2()), a CompressedPBKDF2Function (.withCompressedPBKDF2()), AlgorithmFinder.getPBKDF2Instance() or AlgorithmFinder.getCompressedPBKDF2Instance()

hash.pbkdf2.algorithm (String)

It defines the pseudo-random function from the HMAC family.

If omitted, the default value is SHA512

hash.pbkdf2.iterations (int)

It defines the number of times the pseudo-random function is applied to the password along with the salt

If omitted, the default value is 64000

hash.pbkdf2.length (int)

It defines the desired length of the final derived key.

If omitted, the default value is 512

hash.pbkdf2.delimiter (char)

It defines the delimiter used in the compressed form (applicable only with CompressedPBKDF2Function.

If omitted, the default value is $

bcrypt

This set of properties is used when using a BCryptFunction (.withBCrypt()) or AlgorithmFinder.getBCryptInstance()

hash.bcrypt.minor (char)

It defines the minor version of bcrypt (a, x, y or b). The suggested version of the algorithm is b, the latest one. The other versions should be used only for backward compatibility reasons and we recommend to update your hashes as soon as possible.

If omitted, the default value is b

hash.bcrypt.rounds (int)

Defines the number of rounds expressed as exponent of base 2.

If omitted, the default value is 10 (210 = 1024)

scrypt

This set of properties is used when using a SCryptFunction (.withSCrypt()) or AlgorithmFinder.getSCryptInstance()

hash.scrypt.workfactor (int)

It defines the CPU/memory cost. Must be a power of 2.

If omitted, the default value is 32768

hash.scrypt.resources (int)

It defines the size of memory blocks.

If omitted, the default value is 8

hash.scrypt.parallelization (int)

It defines the cost of parallelisation for an attacker.

If omitted, the default value is 1

hash.scrypt.derivedKeyLength (int)

It defines the desired length of the final derived key

If omitted, the default value is 64

Argon2

This set of properties is used when using a Argon2Function (.withArgon2()) or AlgorithmFinder.getArgon2Instance()

hash.argon2.memory (int)

It defines amount of memory (in kibibytes) to use.

If omitted, the default value is 12

hash.argon2.iterations (int)

It defines number of iterations to perform.

If omitted, the default value is 20

hash.argon2.parallelism (int)

It defines the degree of parallelism (number of threads to be used in the computation).

If omitted, the default value is 2

hash.argon2.length (int)

It defines the desired length of the final derived key.

If omitted, the default value is 32

hash.argon2.type (String)

It defines the desired type of the algorithm. Possible values are d for Argon2d, i for Argon2i or id for Argon2id.

If omitted, the default value is id

hash.argon2.version (int)

It defines the version of the algorithm to use.

If omitted, the default value is 19

Example file

The following is an example file and should never be used in production.

global.random.strong=false
global.banner=true
global.pepper=AlicePepper

hash.md.algorithm=SHA-512
hash.md.salt.option=append

hash.pbkdf2.algorithm=SHA256
hash.pbkdf2.iterations=64000
hash.pbkdf2.length=256
hash.pbkdf2.delimiter=$

hash.bcrypt.minor=b
hash.bcrypt.rounds=12

hash.scrypt.workfactor=16384
hash.scrypt.resources=16
hash.scrypt.parallelization=1

hash.argon2.memory=1024
hash.argon2.iterations=5
hash.argon2.length=64
hash.argon2.parallelism=3
hash.argon2.type=id
hash.argon2.version=19

Supports Java 8+ Maven Central License

Password4j © 2024

Created by David Bertoldi with 🗿

Password4j documentation

Clone this wiki locally