PBKDF2 with SHA256 on android
-
22-06-2021 - |
Question
I want to generate a derived hash of a password using PBKDF2 with SHA256. with this SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
this work but it use SHA1.
With SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
(or SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256","SC")
when with spongycastle) i have an error.
How can i succeed to generate a hash using PBKDF2WithHmacSHA256?
Solution
If you use version 1.47 or higher of SpongyCastle, you can invoke PBKDF2WithHmacSHA256 directly:
PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(new SHA256Digest());
generator.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password), salt, iterations);
KeyParameter key = (KeyParameter)generator.generateDerivedMacParameters(keySizeInBits);
In versions of BC < 1.47, you could not specify SHA256 digest and it defaulted to SHA1.
OTHER TIPS
Bouncy Castle doesn't support PBKDF2WithHmacSHA256
so this won't work. You can try implementing it yourself. Look at the source of PKCS5S2ParametersGenerator.java
and replace SHA1Digest
with SHA256Digest
.