private String hash(String password, String salt) { return PREFIX + BCrypt.hashpw(password, salt) + SALT_PREFIX + salt; }
public String encodePassword(String rawPass, Object obj) throws DataAccessException { return BCrypt.hashpw(rawPass,BCrypt.gensalt()); }
/** * Check that a plaintext password matches a previously hashed * one * @param plaintext the plaintext password to verify * @param hashed the previously-hashed password * @return true if the passwords match, false otherwise */ public static boolean checkpw(String plaintext, String hashed) { byte hashed_bytes[]; byte try_bytes[]; try { String try_pw = hashpw(plaintext, hashed); hashed_bytes = hashed.getBytes("UTF-8"); try_bytes = try_pw.getBytes("UTF-8"); } catch (UnsupportedEncodingException uee) { return false; } if (hashed_bytes.length != try_bytes.length) return false; byte ret = 0; for (int i = 0; i < try_bytes.length; i++) ret |= hashed_bytes[i] ^ try_bytes[i]; return ret == 0; } }
public byte[] auth( byte[] input, CredentialsInfo info, UUID userId, UUID applicationId ) { //our existing has the salt in it, extract it and re-use it String infoSecret = info.getSecret(); Assert.notNull( infoSecret, "The credentials info must have a bcrypt compatible secret to perform auth" ); String existing = new String( decodeBase64( infoSecret ), UTF8 ); return BCrypt.hashpw( new String( input, UTF8 ), existing ).getBytes( UTF8 ); }
@Override public byte[] hash( byte[] input, CredentialsInfo info, UUID userId, UUID applicationId ) { return BCrypt.hashpw(new String(input, UTF8), BCrypt.gensalt(defaultIterations)).getBytes(); }
@Override public void storeHashPassword(UserDto user, String password) { requireNonNull(password, "Password cannot be null"); user.setHashMethod(HashMethod.BCRYPT.name()) .setCryptedPassword(BCrypt.hashpw(password, BCrypt.gensalt(12))) .setSalt(null); } }
/** * Test method for 'BCrypt.hashpw(String, String)' */ public void testHashpw() { System.out.print("BCrypt.hashpw(): "); for (int i = 0; i < test_vectors.length; i++) { String plain = test_vectors[i][0]; String salt = test_vectors[i][1]; String expected = test_vectors[i][2]; String hashed = BCrypt.hashpw(plain, salt); assertEquals(hashed, expected); System.out.print("."); } System.out.println(""); }
/** * Test method for 'BCrypt.gensalt()' */ public void testGensalt() { System.out.print("BCrypt.gensalt(): "); for (int i = 0; i < test_vectors.length; i += 4) { String plain = test_vectors[i][0]; String salt = BCrypt.gensalt(); String hashed1 = BCrypt.hashpw(plain, salt); String hashed2 = BCrypt.hashpw(plain, hashed1); assertEquals(hashed1, hashed2); System.out.print("."); } System.out.println(""); }
protected Cipher getInitializedCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws Exception { if (encryptionMethod == null) { throw new IllegalArgumentException("The encryption method must be specified"); } if (!encryptionMethod.isCompatibleWithStrongKDFs()) { throw new IllegalArgumentException(encryptionMethod.name() + " is not compatible with Bcrypt"); } if (StringUtils.isEmpty(password)) { throw new IllegalArgumentException("Encryption with an empty password is not supported"); } String algorithm = encryptionMethod.getAlgorithm(); String provider = encryptionMethod.getProvider(); final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { throw new IllegalArgumentException(String.valueOf(keyLength) + " is not a valid key length for " + cipherName); } String bcryptSalt = formatSaltForBcrypt(salt); String hash = BCrypt.hashpw(password, bcryptSalt); /* The SHA-512 hash is required in order to derive a key longer than 184 bits (the resulting size of the Bcrypt hash) and ensuring the avalanche effect causes higher key entropy (if all derived keys follow a consistent pattern, it weakens the strength of the encryption) */ MessageDigest digest = MessageDigest.getInstance("SHA-512", provider); byte[] dk = digest.digest(hash.getBytes(StandardCharsets.UTF_8)); dk = Arrays.copyOf(dk, keyLength / 8); SecretKey tempKey = new SecretKeySpec(dk, algorithm); KeyedCipherProvider keyedCipherProvider = new AESKeyedCipherProvider(); return keyedCipherProvider.getCipher(encryptionMethod, tempKey, iv, encryptMode); }
/** * Test method for 'BCrypt.gensalt(int)' */ public void testGensaltInt() { System.out.print("BCrypt.gensalt(log_rounds):"); for (int i = 4; i <= 12; i++) { System.out.print(" " + Integer.toString(i) + ":"); for (int j = 0; j < test_vectors.length; j += 4) { String plain = test_vectors[j][0]; String salt = BCrypt.gensalt(i); String hashed1 = BCrypt.hashpw(plain, salt); String hashed2 = BCrypt.hashpw(plain, hashed1); assertEquals(hashed1, hashed2); System.out.print("."); } } System.out.println(""); }
/** * Test for correct hashing of non-US-ASCII passwords */ public void testInternationalChars() { System.out.print("BCrypt.hashpw w/ international chars: "); String pw1 = "\u2605\u2605\u2605\u2605\u2605\u2605\u2605\u2605"; String pw2 = "????????"; String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt()); assertFalse(BCrypt.checkpw(pw2, h1)); System.out.print("."); String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt()); assertFalse(BCrypt.checkpw(pw1, h2)); System.out.print("."); System.out.println(""); }
@Test public void authentication_with_bcrypt_with_correct_password_should_work() { String password = randomAlphanumeric(60); UserDto user = newUserDto() .setHashMethod(BCRYPT.name()) .setCryptedPassword(BCrypt.hashpw(password, BCrypt.gensalt(12))); underTest.authenticate(db.getSession(), user, password, AuthenticationEvent.Method.BASIC); }
@Test public void authentication_with_bcrypt_with_incorrect_password_should_throw_AuthenticationException() { String password = randomAlphanumeric(60); UserDto user = newUserDto() .setHashMethod(BCRYPT.name()) .setCryptedPassword(BCrypt.hashpw(password, BCrypt.gensalt(12))); expectedException.expect(AuthenticationException.class); expectedException.expectMessage("wrong password"); underTest.authenticate(db.getSession(), user, "WHATEVER", AuthenticationEvent.Method.BASIC); }
password.setTextContent(BCrypt.hashpw(apikey, BCrypt.gensalt(4))); changed = true;
/** * Creates or updates a user. */ public default GraphTraversal<S, Vertex> user(final String username, final String password) { return has(VERTEX_LABEL_USER, PROPERTY_USERNAME, username). fold(). coalesce(__.unfold(), __.addV(VERTEX_LABEL_USER).property(PROPERTY_USERNAME, username)). property(PROPERTY_PASSWORD, BCrypt.hashpw(password, BCrypt.gensalt(CredentialTraversalDsl.BCRYPT_ROUNDS))); } }
/** * Creates or updates a user. */ public GraphTraversal<Vertex, Vertex> user(final String username, final String password) { return this.clone().V(). has(VERTEX_LABEL_USER, PROPERTY_USERNAME, username). fold(). coalesce(__.unfold(), __.addV(VERTEX_LABEL_USER).property(PROPERTY_USERNAME, username)). property(PROPERTY_PASSWORD, BCrypt.hashpw(password, BCrypt.gensalt(CredentialTraversalDsl.BCRYPT_ROUNDS))); } }
public static char[] hashpw(char[] password, String salt) { StringBuilder buf = new StringBuilder(); hashpw(password, salt, buf); int len = buf.length(); char[] ca = new char[len]; buf.getChars(0, len, ca, 0); return ca; }
/** * Hash a password using the OpenBSD bcrypt scheme * @param password the password to hash * @param salt the salt to hash with (perhaps generated * using BCrypt.gensalt) * @return the hashed password */ public static String hashpw(String password, String salt) { StringBuilder buf = new StringBuilder(); hashpw(password.toCharArray(), salt, buf); return buf.toString(); }
/** * Hash the user's password. * * @param password Clear password * @return Hashed password */ protected String hashPassword(String password) { return BCrypt.hashpw(password, BCrypt.gensalt()); } }
/** * Generate crypted hash of give password * @param password the password * @return the password hash */ public String passwordHash(String password) { if (null == password) { return null; } return BCrypt.hashpw(password, BCrypt.gensalt()); }