3

I'm using on php server function crypt like this:

$hash = crypt($password, '$2y$10$' . $salt);

It makes hash of password by Blowfish method.

I'm looking for java equivalent for crypt password.

I found this code, but I don't know where add $salt. More above:

String key = "abcd";
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(cipher.ENCRYPT_MODE, keySpec);
return DatatypeConverter.printBase64Binary(cipher.doFinal(key.getBytes()));

Thank's for every idea or answer.

zx81
  • 41,100
  • 9
  • 89
  • 105
Payne
  • 456
  • 6
  • 21

2 Answers2

0

Not an answer to your question but maybe it helps:

There is the Apache Commons Codec library that contains a Linux crypt(3) compatible function for at least des,md5,sha256 and sha512 based crypt() algorithms in case you don't really need blowfish but just something stronger than the traditional DES based hashes (use sha512 then): http://svn.apache.org/viewvc/commons/proper/codec/trunk/src/main/java/org/apache/commons/codec/digest/Md5Crypt.java?view=markup

And there's other source code that implements the Blowfish algorithm but it's in C: http://doxygen.postgresql.org/crypt-blowfish_8c_source.html

As you can see crypt() uses algorithms that are only based on those encryption ciphers but pipes the input several thousant times through them to get a nice hash value.

lathspell
  • 3,040
  • 1
  • 30
  • 49
0

Now I did found some java implementations of crypt(3) with blowfish:

http://www.mindrot.org/projects/jBCrypt/ (last update 2010)

and

http://docs.spring.io/spring-security/site/docs/3.2.3.RELEASE/apidocs/org/springframework/security/crypto/bcrypt/BCrypt.html

lathspell
  • 3,040
  • 1
  • 30
  • 49