public boolean isPasswordValid(String encPass, String rawPass, Object obj) throws DataAccessException { return BCrypt.checkpw(rawPass,encPass); }
private String hash(String password, String salt) { return PREFIX + BCrypt.hashpw(password, salt) + SALT_PREFIX + salt; }
/** * Test for correct hashing of non-US-ASCII passwords */ public void testInternationalChars() { System.out.print("BCrypt.hashpw w/ international chars: "); String pw1 = "\u2605\u2605\u2605\u2605\u2605\u2605\u2605\u2605"; String pw2 = "????????"; String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt()); assertFalse(BCrypt.checkpw(pw2, h1)); System.out.print("."); String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt()); assertFalse(BCrypt.checkpw(pw1, h2)); System.out.print("."); System.out.println(""); }
/** * Test method for 'BCrypt.gensalt()' */ public void testGensalt() { System.out.print("BCrypt.gensalt(): "); for (int i = 0; i < test_vectors.length; i += 4) { String plain = test_vectors[i][0]; String salt = BCrypt.gensalt(); String hashed1 = BCrypt.hashpw(plain, salt); String hashed2 = BCrypt.hashpw(plain, hashed1); assertEquals(hashed1, hashed2); System.out.print("."); } System.out.println(""); }
/** * Generate a salt for use with the BCrypt.hashpw() method, * selecting a reasonable default for the number of hashing * rounds to apply * @return an encoded salt value */ public static String gensalt() { return gensalt(GENSALT_DEFAULT_LOG2_ROUNDS); }
/** * Test method for 'BCrypt.hashpw(String, String)' */ public void testHashpw() { System.out.print("BCrypt.hashpw(): "); for (int i = 0; i < test_vectors.length; i++) { String plain = test_vectors[i][0]; String salt = test_vectors[i][1]; String expected = test_vectors[i][2]; String hashed = BCrypt.hashpw(plain, salt); assertEquals(hashed, expected); System.out.print("."); } System.out.println(""); }
/** * Test method for 'BCrypt.checkpw(String, String)' * expecting success */ public void testCheckpw_success() { System.out.print("BCrypt.checkpw w/ good passwords: "); for (int i = 0; i < test_vectors.length; i++) { String plain = test_vectors[i][0]; String expected = test_vectors[i][2]; assertTrue(BCrypt.checkpw(plain, expected)); System.out.print("."); } System.out.println(""); }
/** * Test method for 'BCrypt.checkpw(String, String)' * expecting failure */ public void testCheckpw_failure() { System.out.print("BCrypt.checkpw w/ bad passwords: "); for (int i = 0; i < test_vectors.length; i++) { int broken_index = (i + 4) % test_vectors.length; String plain = test_vectors[i][0]; String expected = test_vectors[broken_index][2]; assertFalse(BCrypt.checkpw(plain, expected)); System.out.print("."); } System.out.println(""); }
/** * Key the Blowfish cipher * @param key an array containing the key */ private void key(byte key[]) { int i; int koffp[] = { 0 }; int lr[] = { 0, 0 }; int plen = P.length, slen = S.length; for (i = 0; i < plen; i++) P[i] = P[i] ^ streamtoword(key, koffp); for (i = 0; i < plen; i += 2) { encipher(lr, 0); P[i] = lr[0]; P[i + 1] = lr[1]; } for (i = 0; i < slen; i += 2) { encipher(lr, 0); S[i] = lr[0]; S[i + 1] = lr[1]; } }
public void testBCryptHashTestVectors() throws Exception { System.out.print("BCrypt.hash w/ known vectors: "); for (BCryptHashTV tv : bcrypt_hash_test_vectors) { byte[] output = new byte[tv.out.length]; new BCrypt().hash(tv.pass, tv.salt, output); assertEquals(Arrays.toString(tv.out), Arrays.toString(output)); System.out.print("."); } System.out.println(""); }
public void testBCryptPbkdfTestVectors() throws Exception { System.out.print("BCrypt.pbkdf w/ known vectors: "); for (BCryptPbkdfTV tv : bcrypt_pbkdf_test_vectors) { byte[] output = new byte[tv.out.length]; new BCrypt().pbkdf(tv.pass, tv.salt, tv.rounds, output); assertEquals(Arrays.toString(tv.out), Arrays.toString(output)); System.out.print("."); } System.out.println(""); } }
/** * Test method for 'BCrypt.gensalt(int)' */ public void testGensaltInt() { System.out.print("BCrypt.gensalt(log_rounds):"); for (int i = 4; i <= 12; i++) { System.out.print(" " + Integer.toString(i) + ":"); for (int j = 0; j < test_vectors.length; j += 4) { String plain = test_vectors[j][0]; String salt = BCrypt.gensalt(i); String hashed1 = BCrypt.hashpw(plain, salt); String hashed2 = BCrypt.hashpw(plain, hashed1); assertEquals(hashed1, hashed2); System.out.print("."); } } System.out.println(""); }
/** * Generate a salt for use with the BCrypt.hashpw() method * @param log_rounds the log2 of the number of rounds of * hashing to apply - the work factor therefore increases as * 2**log_rounds. * @return an encoded salt value */ public static String gensalt(int log_rounds) { return gensalt(log_rounds, new SecureRandom()); }
@Override public AuthenticationResult checkCredentials(UserDto user, String password) { if (!BCrypt.checkpw(password, user.getCryptedPassword())) { return new AuthenticationResult(false, "wrong password"); } return new AuthenticationResult(true, ""); }
/** * Perform the "enhanced key schedule" step described by * Provos and Mazieres in "A Future-Adaptable Password Scheme" * http://www.openbsd.org/papers/bcrypt-paper.ps * @param data salt information * @param key password information */ private void ekskey(byte data[], byte key[]) { int i; int koffp[] = { 0 }, doffp[] = { 0 }; int lr[] = { 0, 0 }; int plen = P.length, slen = S.length; for (i = 0; i < plen; i++) P[i] = P[i] ^ streamtoword(key, koffp); for (i = 0; i < plen; i += 2) { lr[0] ^= streamtoword(data, doffp); lr[1] ^= streamtoword(data, doffp); encipher(lr, 0); P[i] = lr[0]; P[i + 1] = lr[1]; } for (i = 0; i < slen; i += 2) { lr[0] ^= streamtoword(data, doffp); lr[1] ^= streamtoword(data, doffp); encipher(lr, 0); S[i] = lr[0]; S[i + 1] = lr[1]; } }
@Override public byte[] generateSalt() { return BCrypt.gensalt(workFactor).getBytes(StandardCharsets.UTF_8); }
@Override public String hash(String password) { return hash(password, BCrypt.gensalt(this.saltSize)); }