Tuesday, 21 January 2020

Password Hashing

Delphi is great for all kinds of software development from Windows based applications to web sites and mobile apps, but one area that it seems to be weak is with hashing of passwords. I cannot find any components built in or 3rd party that really do what was easy to do with Visual Studio (C#), here is what I would like to do:

  1. Find a modern hashing algorithm PKBDF2 or Argon2. 
  2. Must allow hash to be salted and the salt to be different every-time.
  3. Allow for the number of iterations to be specified.
  4. Previously I have also store a version number with the hash, this would also be a useful option.
  5. Validation should not require the original salt. Some solutions (one well known 3rd party company) says that you store the hash of the password and the salt in the database. 
  6. Works with existing Javascript hashing solutions e.g. CryptoJS, I imagine once the same parameters are applied it should work so that the hash can be created in Javascript and the validation can be done by Delphi.
Does anyone no of any 3rd party components that do password hashing well?