public class BCrypt
extends java.lang.Object
This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.
Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:
String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());
To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:
if (BCrypt.checkpw(candidate_password, stored_hash))
System.out.println("It matches");
else
System.out.println("It does not match");
The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:
String strong_salt = BCrypt.gensalt(10)
String stronger_salt = BCrypt.gensalt(12)
The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 31.
Constructor and Description |
---|
BCrypt() |
Modifier and Type | Method and Description |
---|---|
static boolean |
checkpw(java.lang.String plaintext,
java.lang.String hashed)
Check that a plaintext password matches a previously hashed
one
|
static java.lang.String |
gensalt()
Generate a salt for use with the BCrypt.hashpw() method,
selecting a reasonable default for the number of hashing
rounds to apply
|
static java.lang.String |
gensalt(int log_rounds)
Generate a salt for use with the BCrypt.hashpw() method
|
static java.lang.String |
gensalt(int log_rounds,
java.security.SecureRandom random)
Generate a salt for use with the BCrypt.hashpw() method
|
static java.lang.String |
gensalt(java.lang.String prefix) |
static java.lang.String |
gensalt(java.lang.String prefix,
int log_rounds)
Generate a salt for use with the BCrypt.hashpw() method
|
static java.lang.String |
gensalt(java.lang.String prefix,
int log_rounds,
java.security.SecureRandom random)
Generate a salt for use with the BCrypt.hashpw() method
|
static java.lang.String |
hashpw(byte[] passwordb,
java.lang.String salt)
Hash a password using the OpenBSD bcrypt scheme
|
static java.lang.String |
hashpw(java.lang.String password,
java.lang.String salt)
Hash a password using the OpenBSD bcrypt scheme
|
public static java.lang.String hashpw(java.lang.String password, java.lang.String salt)
password
- the password to hashsalt
- the salt to hash with (perhaps generated
using BCrypt.gensalt)public static java.lang.String hashpw(byte[] passwordb, java.lang.String salt)
passwordb
- the password to hash, as a byte arraysalt
- the salt to hash with (perhaps generated
using BCrypt.gensalt)public static java.lang.String gensalt(java.lang.String prefix, int log_rounds, java.security.SecureRandom random) throws java.lang.IllegalArgumentException
prefix
- the prefix value (default $2a)log_rounds
- the log2 of the number of rounds of
hashing to apply - the work factor therefore increases as
2**log_rounds.random
- an instance of SecureRandom to usejava.lang.IllegalArgumentException
- if prefix or log_rounds is invalidpublic static java.lang.String gensalt(java.lang.String prefix, int log_rounds) throws java.lang.IllegalArgumentException
prefix
- the prefix value (default $2a)log_rounds
- the log2 of the number of rounds of
hashing to apply - the work factor therefore increases as
2**log_rounds.java.lang.IllegalArgumentException
- if prefix or log_rounds is invalidpublic static java.lang.String gensalt(int log_rounds, java.security.SecureRandom random) throws java.lang.IllegalArgumentException
log_rounds
- the log2 of the number of rounds of
hashing to apply - the work factor therefore increases as
2**log_rounds.random
- an instance of SecureRandom to usejava.lang.IllegalArgumentException
- if log_rounds is invalidpublic static java.lang.String gensalt(int log_rounds) throws java.lang.IllegalArgumentException
log_rounds
- the log2 of the number of rounds of
hashing to apply - the work factor therefore increases as
2**log_rounds.java.lang.IllegalArgumentException
- if log_rounds is invalidpublic static java.lang.String gensalt(java.lang.String prefix)
public static java.lang.String gensalt()
public static boolean checkpw(java.lang.String plaintext, java.lang.String hashed)
plaintext
- the plaintext password to verifyhashed
- the previously-hashed password