Please provide byte array based hashing
scubajorgen opened this issue · 4 comments
Thanks for this great project
A problem is that it is not possible to use the hashing based on raw byte arrays.
I tried to use Argon2 hashing with a raw byte array as salt and a password consisting of raw bytes.
(This is the way argon2d and argon2id are used to decrypt Keepass databases)
However it is impossible to insert these arrays. It can only be done by creating a String out of the bytes and then pass the strings. However, under the hood the Strings/CharSequences are converted to bytes again. However some UTF8 decoding takes place, not resulting in the original byte arrays!
It would be great to have a version also including hash functions that take byte arrays as input
Hi @scubajorgen,
this is a good feature to implement.
Do you have any example to test where password4j transforms things not as expected?
Hi @scubajorgen,
this is a good feature to implement. Do you have any example to test where password4j transforms things not as expected?
I used password4j Argon2d in my project to decrypt KeePass databases. Did conversion from raw byte[] to String for the seed and password (using various charactersets). However I could not get this working. I suspected the byte[]->String->byte[] conversion based on your source code. Therefore I did a comparison of the result of password4j and BouncyCastle/Spring and they differed.
I made a quick and dirty copy of your password4j argon function (I hope I did not violate licences) and removed the String stuff. It worked.
You can use my unit test, testHashTimed() as a working example.
Hi @scubajorgen , @JorgenVanDerVelde
version 1.7.0 is now public with public APIs accepting byte[] arguments.
I used your unit test as example here: https://github.com/Password4j/password4j/blob/master/src/test/com/password4j/PasswordTest.java#L1169
See the changelog for further information.
Thanx! I tested your software in my code to decrypt Keepass databases and it worked out fine!! Thanks for your great work.