PBKDF2WithHmacSHA512 Vs. PBKDF2WithHmacSHA1
SHA512 belongs to the SHA2 family of cryptographic hash functions. Since SHA1 has theoretical weaknesses and SHA512 is slightly slower than SHA1 (slower is better when hashing passwords), SHA512 (or any of the SHA2 family) should be chosen over SHA1 for the purpose of hashing passwords.
Actually understanding the differences in the functions is not going to be simple, but you might have a better chance of getting an answer on the Crypto SE site.
Let us breakdown the word piece by piece:
PBKDF2--WithHmac--SHA512
Let's go over it part by part
PBKDF2
Stands for Password-based-Key-Derivative-Function, a successor of PBKDF1 and is used to implement a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations.
HMAC
Stands for Keyed-Hash Message Authentication Code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. Any cryptographic hash function,may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly.
SHA512
Well, you know about it.. :P
Now, coming back to your question, the line of code:
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
specifies the keyFactory to use the algorithm PDBKDF2WithHmacSHA1
. When you would do something like:
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
you tell the factory to use algorithm PBDKF2WithHmacSHA512
.
Essentialy the main difference between PBKDF2WithHmacSHA1
and PBKDF2WithHmacSHA512
is that:
- The
PBKDF2WithHmacSHA1
will produce a hash length of 160 bits. - The
PBKDF2WithHmacSHA512
will produce a hash length of 512 bits.
Hence the latter is more secure. But there are arguments on both sides as to which is sufficient for encryption. No debate. Just saying.
Some additional information about the two algorithms:
HMACSHA1
HMACSHA1 is a type of keyed hash algorithm that is constructed from the SHA1 hash function and used as an HMAC, or hash-based message authentication code. The HMAC process mixes a secret key with the message data, hashes the result with the hash function, mixes that hash value with the secret key again, and then applies the hash function a second time. The output hash is 160 bits in length.
HMACSHA512
HMACSHA512 is a type of keyed hash algorithm that is constructed from the SHA-512 hash function and used as a Hash-based Message Authentication Code (HMAC). The HMAC process mixes a secret key with the message data and hashes the result. The hash value is mixed with the secret key again, and then hashed a second time. The output hash is 512 bits in length.
The main advantage is that HmacWith512
is more secure than HmacWith256
. For e.g.
HMAC_SHA1("key","The quick brown fox jumps over the lazy dog") = 0xde7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9
HMAC_SHA512("key","The quick brown fox jumps over the lazy dog") = 0xb42af09057bac1e2d41708e48a902e09b5ff7f12ab428a4fe86653c73dd248fb82f948a549f7b791a5b41915ee4d1ec3935357e4e2317250d0372afa2ebeeb3a
The difference is pretty huge (as seen). Hope it helps. :)
EDIT: As OP mentions
PBEKeySpec(char[] password, byte[] salt, int iterationCount, int keyLength)
The parameter keyLength
is used to indicate the preference on key length
for variable-key-size ciphers. The actual key size depends on each provider's implementation. Hence say, doing something like
PBEKeySpec(password, salt, int 100, 512)
doesn't mean you will be using SHA1 to generate a keyLength of 512. It simply means that. SHA1 supports upto a maximum of 160 bits. You cannot exceed that.
As for your second question, have a look at the HMAC-SHA1. There are many statements that say algorithms like SHA256
is pretty good if you a long hash.
Also, as per the NSA :
The NSA specifies that "Elliptic Curve Public Key Cryptography using the 256-bit prime modulus elliptic curve as specified in FIPS-186-2 and SHA-256 are appropriate for protecting classified information up to the SECRET level. Use of the 384-bit prime modulus elliptic curve and SHA-384 are necessary for the protection of TOP SECRET information.
I think using a HMAC function in conjunction SHA512 is quite secure.