Package org.opends.server.extensions
Class BCrypt
- java.lang.Object
-
- org.opends.server.extensions.BCrypt
-
public final class BCrypt extends Object
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.
Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:
String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:
The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:if (BCrypt.checkpw(candidate_password, stored_hash)) { System.out.println("It matches"); } else { System.out.println("It does not match"); }
The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 30.String strong_salt = BCrypt.gensalt(10); String stronger_salt = BCrypt.gensalt(12);- Version:
- 0.4
-
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static booleancheckpw(String plaintext, String hashed)Check that a plaintext password matches a previously hashed one.static Stringgensalt()Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply.static Stringgensalt(int logRounds)Generate a salt for use with the BCrypt.hashpw() method.static intgetRounds(String salt)Extracts and returns the current cost (number of rounds) of a hashed password.static Stringhashpw(byte[] password, String salt)Hash a password using the OpenBSD bcrypt scheme.static Stringhashpw(String password, String salt)Hash a password using the OpenBSD bcrypt scheme.
-
-
-
Method Detail
-
hashpw
public static String hashpw(String password, String salt)
Hash a password using the OpenBSD bcrypt scheme.- Parameters:
password- the password to hashsalt- the salt to hash with (perhaps generated using BCrypt.gensalt)- Returns:
- the hashed password
-
hashpw
public static String hashpw(byte[] password, String salt)
Hash a password using the OpenBSD bcrypt scheme.- Parameters:
password- the password to hash as a byte arraysalt- the salt to hash with (perhaps generated using BCrypt.gensalt)- Returns:
- the hashed password
-
gensalt
public static String gensalt(int logRounds)
Generate a salt for use with the BCrypt.hashpw() method.- Parameters:
logRounds- the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**logRounds.- Returns:
- an encoded salt value
-
gensalt
public static String gensalt()
Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply.- Returns:
- an encoded salt value
-
checkpw
public static boolean checkpw(String plaintext, String hashed)
Check that a plaintext password matches a previously hashed one.- Parameters:
plaintext- the plaintext password to verifyhashed- the previously-hashed password- Returns:
- true if the passwords match, false otherwise
-
getRounds
public static int getRounds(String salt)
Extracts and returns the current cost (number of rounds) of a hashed password.- Parameters:
salt- The full hashed password or just the salt part that contains the number of rounds performed- Returns:
- the number of rounds from the hash, or -1 in case of failure
-
-