fr.xephi.authme.security.crypts
Class BCRYPT

java.lang.Object
  fr.xephi.authme.security.crypts.BCRYPT

All Implemented Interfaces:

EncryptionMethod

public class BCRYPT
extends java.lang.Object
implements EncryptionMethod

BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.

This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.

Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:

String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());


To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:

if (BCrypt.checkpw(candidate_password, stored_hash))
System.out.println("It matches");
else
System.out.println("It does not match");


The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:

String strong_salt = BCrypt.gensalt(10)
String stronger_salt = BCrypt.gensalt(12)


The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 31.

Version:

0.2

Author:

Damien Miller

Constructor Summary

BCRYPT()

Method Summary

static boolean	checkpw(java.lang.String plaintext, java.lang.String hashed) Check that a plaintext password matches a previously hashed one
static boolean	checkpw(java.lang.String text, java.lang.String hashed, int rounds) Check that a text password matches a previously hashed one with the specified number of rounds using recursion
boolean	comparePassword(java.lang.String hash, java.lang.String password, java.lang.String playerName)
static java.lang.String	gensalt() Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
static java.lang.String	gensalt(int log_rounds) Generate a salt for use with the BCrypt.hashpw() method
static java.lang.String	gensalt(int log_rounds, java.security.SecureRandom random) Generate a salt for use with the BCrypt.hashpw() method
static java.lang.String	getDoubleHash(java.lang.String text, java.lang.String salt)
java.lang.String	getHash(java.lang.String password, java.lang.String salt, java.lang.String name)
static java.lang.String	hashpw(java.lang.String password, java.lang.String salt) Hash a password using the OpenBSD bcrypt scheme

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BCRYPT

public BCRYPT()

Method Detail

hashpw

public static java.lang.String hashpw(java.lang.String password,
                                      java.lang.String salt)

Hash a password using the OpenBSD bcrypt scheme

Parameters:

password - the password to hash

salt - the salt to hash with (perhaps generated using BCrypt.gensalt)

Returns:

the hashed password

gensalt

public static java.lang.String gensalt(int log_rounds,
                                       java.security.SecureRandom random)

Generate a salt for use with the BCrypt.hashpw() method

Parameters:

log_rounds - the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.

random - an instance of SecureRandom to use

Returns:

an encoded salt value

gensalt

public static java.lang.String gensalt(int log_rounds)

Generate a salt for use with the BCrypt.hashpw() method

Parameters:

log_rounds - the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.

Returns:

an encoded salt value

gensalt

public static java.lang.String gensalt()

Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply

Returns:

an encoded salt value

checkpw

public static boolean checkpw(java.lang.String plaintext,
                              java.lang.String hashed)

Check that a plaintext password matches a previously hashed one

Parameters:

plaintext - the plaintext password to verify

hashed - the previously-hashed password

Returns:

true if the passwords match, false otherwise

checkpw

public static boolean checkpw(java.lang.String text,
                              java.lang.String hashed,
                              int rounds)

Check that a text password matches a previously hashed one with the specified number of rounds using recursion

Parameters:

text - plaintext or hashed text

hashed - the previously-hashed password

rounds - number of rounds to hash the password

Returns:

getHash

public java.lang.String getHash(java.lang.String password,
                                java.lang.String salt,
                                java.lang.String name)
                         throws java.security.NoSuchAlgorithmException

Specified by:

getHash in interface EncryptionMethod

salt - (can be an other data like playerName;salt , playerName, etc... for customs methods)

Returns:

Hashing password

Throws:

java.security.NoSuchAlgorithmException

comparePassword

public boolean comparePassword(java.lang.String hash,
                               java.lang.String password,
                               java.lang.String playerName)
                        throws java.security.NoSuchAlgorithmException

Specified by:

comparePassword in interface EncryptionMethod

Returns:

true if password match, false else

Throws:

java.security.NoSuchAlgorithmException

getDoubleHash

public static java.lang.String getDoubleHash(java.lang.String text,
                                             java.lang.String salt)