Giter VIP home page Giter VIP logo

jbcrypt's Introduction

Build Status

JBCrypt

jBCrypt is an implementation of the OpenBSD Blowfish password hashing algorithm, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.

This system hashes passwords using a version of Bruce Schneier's Blowfish block cipher with modifications designed to raise the cost of off-line password cracking. The computation cost of the algorithm is parameterised, so it can be increased as computers get faster.

JUnit regression tests are available in in TestBCrypt.java

jBCrypt is licensed under a ISC/BSD licence. See the LICENSE file for details.

Please report bugs to Damien Miller [email protected]. Please check the TODO file first, in case your problem is something I already know about (please send patches!)

A simple example that demonstrates most of the features:

// Hash a password for the first time
String hashed = BCrypt.hashpw(password, BCrypt.gensalt());

// gensalt's log_rounds parameter determines the complexity
// the work factor is 2**log_rounds, and the default is 10
String hashed = BCrypt.hashpw(password, BCrypt.gensalt(12));

// Check that an unencrypted password matches one that has
// previously been hashed
if (BCrypt.checkpw(candidate, hashed))
	System.out.println("It matches");
else
	System.out.println("It does not match");

There is also a C#/.NET port by Derek Slager

Package notes

This is an alternative distribution of jBCrypt. It has been packaged to ease use in existing applications โ€” especially those using Maven Central.

The code is unchanged from the original jBCrypt 0.4, however:

  • The JBCrypt class JavaDoc has been changed to version 0.4. The official package incorrectly contains 0.2 as the stated version.
  • A pom.xml file has been added for use with Maven
  • Unit tests are automatically executed by travis-ci.org
  • Sources a compiled against Java 1.8
  • The artifact can be used as a OSGi bundle

Maven setup

Use it in your project by adding the following to your project pom.xml:

    <dependency>
        <groupId>de.svenkubiak</groupId>
        <artifactId>jBCrypt</artifactId>
        <version>0.4.1</version>
    </dependency>

jbcrypt's People

Contributors

glenkpeterson avatar mikesir87 avatar svenkubiak avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

gitblit gdelafosse mikesir87 jvataman davidmarkcarlson infusionsoft semtle msrocka wolfieorama jucalee mindrix95 ayfarag102 glenkpeterson

jbcrypt's Issues

char[] instead of String?

Hi there,

Thanks for your work on this.

I'd like to ask, is there any reason hashpw method works with String instead of char[]? Wouldn't it be better if array was used, as it's not interned and may be removed from memory?

Compiler target set too high (1.5 suffices)

The BCrypt code wrapped by this package compiles fine with a compiler target of 1.5, but this package's POM sets it to 1.8. This unfortunately means that JDK 1.8 is the minimum requirement for the artifacts released on Maven Central, even though the code itself works fine with JDK 1.5.

Missing LICENSE

The readme states

jBCrypt is licensed under a ISC/BSD licence. See the LICENSE file for details.

but said file doesn't exist.

Given the clause from https://github.com/jeremyh/jBCrypt/blob/master/LICENSE that reads "provided that the above copyright notice and this permission notice appear in all copies" I think it needs to be added ๐Ÿ˜„

Clarify "moved to a java package" in README

You say:

The classes have been moved to a java package to avoid pollution of the global namespace. org.mindrot was chosen to reflect their original origin.

However, when I download http://www.mindrot.org/files/jBCrypt/jBCrypt-0.4.zip I see that the first line in BCrypt.java is "package org.mindrot.jbcrypt;". So what do you mean that the classes have been moved to a java package? They seem to already be in a Java package to me.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.