jeremyh/jBCrypt

A Java implementation of OpenBSD's Blowfish password hashing code http://www.mindrot.org/projects/jBCrypt

Download

Step 1. Add the JitPack repository to your build file

Add it in your root settings.gradle at the end of repositories:

	dependencyResolutionManagement {
		repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
		repositories {
			mavenCentral()
			maven { url 'https://jitpack.io' }
		}
	}

Add it in your settings.gradle.kts at the end of repositories:

	dependencyResolutionManagement {
		repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
		repositories {
			mavenCentral()
			maven { url = uri("https://jitpack.io") }
		}
	}

Add to pom.xml

	<repositories>
		<repository>
		    <id>jitpack.io</id>
		    <url>https://jitpack.io</url>
		</repository>
	</repositories>

Add it in your build.sbt at the end of resolvers:

 
    resolvers += "jitpack" at "https://jitpack.io"

Add it in your project.clj at the end of repositories:

 
    :repositories [["jitpack" "https://jitpack.io"]]

Step 2. Add the dependency

	dependencies {
		implementation 'com.github.jeremyh:JBCrypt:jbcrypt-0.4'
	}
	dependencies {
		implementation("com.github.jeremyh:JBCrypt:jbcrypt-0.4")
	}
	<dependency>
	    <groupId>com.github.jeremyh</groupId>
	    <artifactId>JBCrypt</artifactId>
	    <version>jbcrypt-0.4</version>
	</dependency>

                            
    libraryDependencies += "com.github.jeremyh" % "JBCrypt" % "jbcrypt-0.4"
        
        

                            
    :dependencies [[com.github.jeremyh/JBCrypt "jbcrypt-0.4"]]

Readme

JBCrypt

jBCrypt is an implementation the OpenBSD Blowfish password hashing algorithm, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.

This system hashes passwords using a version of Bruce Schneier's Blowfish block cipher with modifications designed to raise the cost of off-line password cracking. The computation cost of the algorithm is parameterised, so it can be increased as computers get faster.

JUnit regression tests are available in in TestBCrypt.java

jBCrypt is licensed under a ISC/BSD licence. See the LICENSE file for details.

Please report bugs to Damien Miller djm@mindrot.org. Please check the TODO file first, in case your problem is something I already know about (please send patches!)

A simple example that demonstrates most of the features:

// Hash a password for the first time
String hashed = BCrypt.hashpw(password, BCrypt.gensalt());

// gensalt's log_rounds parameter determines the complexity
// the work factor is 2**log_rounds, and the default is 10
String hashed = BCrypt.hashpw(password, BCrypt.gensalt(12));

// Check that an unencrypted password matches one that has
// previously been hashed
if (BCrypt.checkpw(candidate, hashed))
	System.out.println("It matches");
else
	System.out.println("It does not match");

There is also a C#/.NET port by Derek Slager

Package notes

This is an alternative distribution of jBCrypt. It has been packaged to ease use in existing applications — especially those using Apache Maven.

The code is unchanged from the original jBCrypt 0.4, however:

  • The classes have been moved to a java package to avoid pollution of the global namespace. org.mindrot was chosen to reflect their original origin.
  • The JBCrypt class javadoc has been changed to version 0.4. The official package incorrectly contains 0.2 as the stated version.
  • A pom.xml file has been added for use with Maven

Maven setup

Install it to your local Maven repository:

mvn clean javadoc:jar source:jar install

Use it in your project by adding the following to your project pom.xml:

    <dependency>
        <groupId>org.mindrot</groupId>
        <artifactId>jbcrypt</artifactId>
        <version>0.3</version>
    </dependency>