Class BCrypt
This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.
Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:
String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());
To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:
if (BCrypt.checkpw(candidate_password, stored_hash))
System.out.println("It matches");
else
System.out.println("It does not match");
The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:
String strong_salt = BCrypt.gensalt(10)
String stronger_salt = BCrypt.gensalt(12)
The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 30.
- Version:
- 0.2
- Author:
- Damien Miller
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic booleanCheck that a plaintext password matches a previously hashed onebyte[]crypt_raw(byte[] password, byte[] salt, int log_rounds, int[] cdata) Perform the central password hashing step in the bcrypt schemestatic Stringgensalt()Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to applystatic Stringgensalt(int log_rounds) Generate a salt for use with the BCrypt.hashpw() methodstatic Stringgensalt(int log_rounds, SecureRandom random) Generate a salt for use with the BCrypt.hashpw() methodstatic StringHash a password using the OpenBSD bcrypt scheme
-
Constructor Details
-
BCrypt
public BCrypt()
-
-
Method Details
-
crypt_raw
public byte[] crypt_raw(byte[] password, byte[] salt, int log_rounds, int[] cdata) Perform the central password hashing step in the bcrypt scheme- Parameters:
password- the password to hashsalt- the binary salt to hash with the passwordlog_rounds- the binary logarithm of the number of rounds of hashing to applycdata- the plaintext to encrypt- Returns:
- an array containing the binary hashed password
-
hashpw
Hash a password using the OpenBSD bcrypt scheme- Parameters:
password- the password to hashsalt- the salt to hash with (perhaps generated using BCrypt.gensalt)- Returns:
- the hashed password
-
gensalt
Generate a salt for use with the BCrypt.hashpw() method- Parameters:
log_rounds- the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.random- an instance of SecureRandom to use- Returns:
- an encoded salt value
-
gensalt
Generate a salt for use with the BCrypt.hashpw() method- Parameters:
log_rounds- the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.- Returns:
- an encoded salt value
-
gensalt
Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply- Returns:
- an encoded salt value
-
checkpw
Check that a plaintext password matches a previously hashed one- Parameters:
plaintext- the plaintext password to verifyhashed- the previously-hashed password- Returns:
- true if the passwords match, false otherwise
-