Class BCrypt

java.lang.Object
org.mindrot.jbcrypt.BCrypt

public class BCrypt extends Object
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.

This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.

Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:

String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());

To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:

if (BCrypt.checkpw(candidate_password, stored_hash))     System.out.println("It matches"); else     System.out.println("It does not match");

The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:

String strong_salt = BCrypt.gensalt(10) String stronger_salt = BCrypt.gensalt(12)

The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 30.

Version:
0.2
Author:
Damien Miller
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    static boolean
    checkpw(String plaintext, String hashed)
    Check that a plaintext password matches a previously hashed one
    byte[]
    crypt_raw(byte[] password, byte[] salt, int log_rounds, int[] cdata)
    Perform the central password hashing step in the bcrypt scheme
    static String
    Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
    static String
    gensalt(int log_rounds)
    Generate a salt for use with the BCrypt.hashpw() method
    static String
    gensalt(int log_rounds, SecureRandom random)
    Generate a salt for use with the BCrypt.hashpw() method
    static String
    hashpw(String password, String salt)
    Hash a password using the OpenBSD bcrypt scheme

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • BCrypt

      public BCrypt()
  • Method Details

    • crypt_raw

      public byte[] crypt_raw(byte[] password, byte[] salt, int log_rounds, int[] cdata)
      Perform the central password hashing step in the bcrypt scheme
      Parameters:
      password - the password to hash
      salt - the binary salt to hash with the password
      log_rounds - the binary logarithm of the number of rounds of hashing to apply
      cdata - the plaintext to encrypt
      Returns:
      an array containing the binary hashed password
    • hashpw

      public static String hashpw(String password, String salt)
      Hash a password using the OpenBSD bcrypt scheme
      Parameters:
      password - the password to hash
      salt - the salt to hash with (perhaps generated using BCrypt.gensalt)
      Returns:
      the hashed password
    • gensalt

      public static String gensalt(int log_rounds, SecureRandom random)
      Generate a salt for use with the BCrypt.hashpw() method
      Parameters:
      log_rounds - the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.
      random - an instance of SecureRandom to use
      Returns:
      an encoded salt value
    • gensalt

      public static String gensalt(int log_rounds)
      Generate a salt for use with the BCrypt.hashpw() method
      Parameters:
      log_rounds - the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.
      Returns:
      an encoded salt value
    • gensalt

      public static String gensalt()
      Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
      Returns:
      an encoded salt value
    • checkpw

      public static boolean checkpw(String plaintext, String hashed)
      Check that a plaintext password matches a previously hashed one
      Parameters:
      plaintext - the plaintext password to verify
      hashed - the previously-hashed password
      Returns:
      true if the passwords match, false otherwise