PBKDF2DJANGO Hash

src/main/java/fr/xephi/authme/commands/AdminCommand.java

@@ -520,6 +520,7 @@ public class AdminCommand implements CommandExecutor {
                 m.send(sender, "error");
                 return true;
             }
+            @SuppressWarnings("deprecation")
             Player target = Bukkit.getPlayer(name);
             PlayerCache.getInstance().removePlayer(name);
             Utils.getInstance().setGroup(name, groupType.UNREGISTERED);
@@ -602,6 +603,7 @@ public class AdminCommand implements CommandExecutor {
                 sender.sendMessage("Usage: /authme getip <onlineplayername>");
                 return true;
             }
+            @SuppressWarnings("deprecation")
             Player player = Bukkit.getPlayer(args[1]);
             if (player == null) {
                 sender.sendMessage("This player is not actually online");
@@ -617,6 +619,7 @@ public class AdminCommand implements CommandExecutor {
                 return true;
             }
             try {
+                @SuppressWarnings("deprecation")
                 Player player = Bukkit.getPlayer(args[1]);
                 if (player == null || !player.isOnline()) {
                     sender.sendMessage("Player needs to be online!");

src/main/java/fr/xephi/authme/security/HashAlgorithm.java

@@ -25,6 +25,7 @@ public enum HashAlgorithm {
     SHA512(fr.xephi.authme.security.crypts.SHA512.class),
     DOUBLEMD5(fr.xephi.authme.security.crypts.DOUBLEMD5.class),
     PBKDF2(fr.xephi.authme.security.crypts.CryptPBKDF2.class),
+    PBKDF2DJANGO(fr.xephi.authme.security.crypts.CryptPBKDF2Django.class),
     WORDPRESS(fr.xephi.authme.security.crypts.WORDPRESS.class),
     ROYALAUTH(fr.xephi.authme.security.crypts.ROYALAUTH.class),
     CRAZYCRYPT1(fr.xephi.authme.security.crypts.CRAZYCRYPT1.class),

src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2.java

@@ -4,18 +4,17 @@ import java.security.NoSuchAlgorithmException;
 
 import fr.xephi.authme.security.pbkdf2.PBKDF2Engine;
 import fr.xephi.authme.security.pbkdf2.PBKDF2Parameters;
-import javax.xml.bind.DatatypeConverter;
 
 public class CryptPBKDF2 implements EncryptionMethod {
 
     @Override
     public String getHash(String password, String salt, String name)
             throws NoSuchAlgorithmException {
-        String result = "pbkdf2_sha256$15000$" + salt + "$";
+        String result = "pbkdf2_sha256$10000$" + salt + "$";
-        PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000);
+        PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 10000);
         PBKDF2Engine engine = new PBKDF2Engine(params);
 
-        return result + String.valueOf(DatatypeConverter.printBase64Binary(engine.deriveKey(password, 32)));
+        return result + String.valueOf(engine.deriveKey(password, 64));
     }
 
     @Override
@@ -23,10 +22,10 @@ public class CryptPBKDF2 implements EncryptionMethod {
             String playerName) throws NoSuchAlgorithmException {
         String[] line = hash.split("\\$");
         String salt = line[2];
-        byte[] derivedKey = DatatypeConverter.parseBase64Binary(line[3]);
+        String derivedKey = line[3];
-        PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000, derivedKey);
+        PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 10000, derivedKey.getBytes());
         PBKDF2Engine engine = new PBKDF2Engine(params);
         return engine.verifyKey(password);
     }
 
-}
+}

src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2Django.java

@@ -0,0 +1,32 @@
+package fr.xephi.authme.security.crypts;
+
+import java.security.NoSuchAlgorithmException;
+
+import fr.xephi.authme.security.pbkdf2.PBKDF2Engine;
+import fr.xephi.authme.security.pbkdf2.PBKDF2Parameters;
+import javax.xml.bind.DatatypeConverter;
+
+public class CryptPBKDF2Django implements EncryptionMethod {
+
+    @Override
+    public String getHash(String password, String salt, String name)
+            throws NoSuchAlgorithmException {
+        String result = "pbkdf2_sha256$15000$" + salt + "$";
+        PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000);
+        PBKDF2Engine engine = new PBKDF2Engine(params);
+
+        return result + String.valueOf(DatatypeConverter.printBase64Binary(engine.deriveKey(password, 32)));
+    }
+
+    @Override
+    public boolean comparePassword(String hash, String password,
+            String playerName) throws NoSuchAlgorithmException {
+        String[] line = hash.split("\\$");
+        String salt = line[2];
+        byte[] derivedKey = DatatypeConverter.parseBase64Binary(line[3]);
+        PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000, derivedKey);
+        PBKDF2Engine engine = new PBKDF2Engine(params);
+        return engine.verifyKey(password);
+    }
+
+}

src/main/resources/config.yml

@@ -200,7 +200,7 @@ settings:
         # possible values: MD5, SHA1, SHA256, WHIRLPOOL, XAUTH, MD5VB, PHPBB,
         # PLAINTEXT ( unhashed password),
         # MYBB, IPB3, PHPFUSION, SMF, XENFORO, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512,
-        # DOUBLEMD5, PBKDF2, WORDPRESS, ROYALAUTH, CUSTOM(for developpers only)
+        # DOUBLEMD5, PBKDF2, PBKDF2DJANGO, WORDPRESS, ROYALAUTH, CUSTOM(for developpers only)
         passwordHash: SHA256
         # salt length for the SALTED2MD5 MD5(MD5(password)+salt)
         doubleMD5SaltLength: 8