java.lang.Object | |
↳ | org.springframework.security.crypto.bcrypt.BCrypt |
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.
Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:
String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());
To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:
if (BCrypt.checkpw(candidate_password, stored_hash))
System.out.println("It matches");
else
System.out.println("It does not match");
The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:
String strong_salt = BCrypt.gensalt(10)
String stronger_salt = BCrypt.gensalt(12)
The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 31.
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Check that a plaintext password matches a previously hashed
one
| |||||||||||
Generate a salt for use with the BCrypt.hashpw() method,
selecting a reasonable default for the number of hashing
rounds to apply
| |||||||||||
Generate a salt for use with the BCrypt.hashpw() method
| |||||||||||
Generate a salt for use with the BCrypt.hashpw() method
| |||||||||||
Hash a password using the OpenBSD bcrypt scheme
|
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
|
Check that a plaintext password matches a previously hashed one
plaintext | the plaintext password to verify |
---|---|
hashed | the previously-hashed password |
Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
Generate a salt for use with the BCrypt.hashpw() method
log_rounds | the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds. |
---|---|
random | an instance of SecureRandom to use |
Generate a salt for use with the BCrypt.hashpw() method
log_rounds | the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds. |
---|
Hash a password using the OpenBSD bcrypt scheme
password | the password to hash |
---|---|
salt | the salt to hash with (perhaps generated using BCrypt.gensalt) |