passay vs Tink

passay

Password policy enforcement for Java. (by vt-middleware)

Projects Security

Source Code

passay.org

Suggest alternative

Edit details

Tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. (by tink-crypto)

Projects Security Cryptography Java CPP Go Objc Crypto JavaScript

DISCONTINUED

Suggest alternative

Edit details

Our great sponsors

WorkOS - The modern identity platform for B2B SaaS

InfluxDB - Power Real-Time Data Analytics at Scale

SaaSHub - Software Alternatives and Reviews

Our great sponsors

passay		Tink
	Project
-	Mentions	19
267	Stars	13,457
1.1%	Growth	-
4.6	Activity	9.9
11 days ago	Latest Commit	12 days ago
Java	Language	Java
GNU General Public License v3.0 or later	License	Apache License 2.0

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

passay

Posts with mentions or reviews of passay. We have used some of these posts to build our list of alternatives and similar projects.

We haven't tracked posts mentioning passay yet.
Tracking mentions began in Dec 2020.

Tink

Posts with mentions or reviews of Tink. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-07-10.

“Please do not make it public” (Tencent’s Sogou Input Method)
1 project | news.ycombinator.com | 9 Aug 2023

> I wonder what people say when they find a bug despite you using standard crypto?
Not using TLS doesn't automatically mean you need to "roll your own crypto". They could have used a well documentend library such as Google Tink[1] instead of doing their own crypto.
[1] https://github.com/google/tink
What are you rewriting in rust?
36 projects | /r/rust | 10 Jul 2023

I sort of rewrote google's tink project in rust. There is already a rust version by project oak but it didn't exactly jive.
PassManager
2 projects | /r/TLAUNCHER | 18 Apr 2023

PassManager uses the Tink library for encryption, which provides state-of-the-art** security for your passwords. Tink uses industry-standard encryption algorithms like AES to ensure that your passwords are kept safe from prying eyes.
Cryptographic Best Practices
1 project | news.ycombinator.com | 17 Apr 2023
Using Google Tink to sign JWTs with ECDSA
2 projects | dev.to | 22 Feb 2023

Note that in the example jwt refers to the Tink jwt package.
What do you guys use for password hashing?
6 projects | /r/scala | 15 Feb 2023
What's new in Jetpack Security Crypto Version 1.1.0-alpha04
1 project | /r/androiddev | 10 Nov 2022

What I can't tell is if the new version had any fixes related to the bug being discussed here
How do you handle encryption?
2 projects | /r/node | 22 Oct 2022

Even the slightest hiccup could leave me vulnerable. I don't want to roll my own encryption. I want to use something like tink (a secure crypto library by Google) but unfortunately they don't support node or Javascript (there's a library that was published 2 years ago).
Some help with cryptography?
1 project | /r/androiddev | 8 Jun 2022

I dont have an answer for you, but 2 resources that are worth checking out: https://developer.android.com/guide/topics/security/cryptography and https://developers.google.com/tink
Ask HN: Is there a portable encryption file format?
6 projects | news.ycombinator.com | 24 Mar 2022

> Do C (or something where the mapping to C is known), and lots of languages have FFI libs where wrapping that is fairly trivial
That is an interesting idea, yet still a lot of work, sadly. I was hoping somebody had done the legwork already. I looked at Tink [1] and age [2] based on my co-worker's recommendation, but they all seem to have limited implementations in other languages.
[1] https://github.com/google/tink
[2] https://github.com/FiloSottile/age

What are some alternatives?

When comparing passay and Tink you can also consider the following projects:

password4j - Java cryptographic library that supports Argon2, bcrypt, scrypt and PBKDF2 aimed to protect passwords in databases. Easy to use by design, highly customizable, secure and portable. All the implementations follow the standards and have been reviewed to perform better in the JVM.

Jwks RSA

Kalium - Java binding to the Networking and Cryptography (NaCl) library with the awesomeness of libsodium

OpenAM - OpenAM is an open access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security.

SSLContext-Kickstart - 🔐 A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Available client examples are: Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, Vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k Kohttp and Ktor. Also gRPC, WebSocket and ElasticSearch examples are included

jwt-java - JSON Web Token implementation for Java according to RFC 7519. Easily create, parse and validate JSON Web Tokens using a fluent API.

SecurityBuilder - Fluent builders with typesafe API for the JCA

libsodium - A modern, portable, easy to use crypto library.