
I am using the Java implementation of BCrypt and I want to test if a string has already been hashed with BCrypt. Is it possible to do that?

I couldn't find anything. It would work like this:

```java
if (!BCrypt.hasBeenHashed(myString)) {
    return BCrypt.hashpw(myString, salt);
}

// BCrypt.hasBeenHashed("my-new-password") > FALSE
// BCrypt.hasBeenHashed("$fdshjkfhdsfhdjkshfjdhfjd") > TRUE
```

The idea is that I have an automatic method that hashes some strings at creation. When I update the object, I want it to hash only the "new values".

Thanks.

c4k
  • No. There is no mechanism to do that. – Elliott Frisch Sep 17 '15 at 13:57
  • I think you'll need to store the "has been hashed" information for each string elsewhere, e.g. in some kind of `Map`. The `$` sign at `myString.charAt(0)` would be the only other way I could think of, but that's not very reliable since your input strings could contain anything (and start with `$`). – Hexaholic Sep 17 '15 at 14:02

1 Answer


You could read the length; all hashes are exactly the same length provided the same algorithm is used: 22 or 32 or 53 depending on your implementation. In Java, 53 is used. To make this more reliable you could also detect that the first character is $ and that the whole string is 53 characters. Positions 3 and 6 also contain $. There are other factors as well that can be checked, such as the work factor being the same. This is represented by positions 1 and 2. The combination of all this, and a verification to make sure that the user doesn't input something like that. If this is not viable, create an instance boolean that is set to true when the password is hashed, but this requires that each password be its own object.

  • Yes, I thought of that but as said by @Hexaholic, this is not 100% sure since a user can have a password that fits exactly these requirements. – c4k Sep 17 '15 at 14:15
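
The format check discussed in the answer and the objection raised in the comments, as an added example (not code from the post or from the BCrypt library): it matches the modular crypt layout of a bcrypt string, shows a user-chosen password that passes the same check, and tracks the hashed state explicitly instead of inferring it. The names `looksLikeBcrypt` and `Credential` are hypothetical, and all sample strings are constructed.

```java
import java.util.regex.Pattern;

public class BcryptFormatCheck {
    // bcrypt modular crypt layout: "$2a$" + two-digit cost + "$" + 53 characters
    // (22 salt + 31 hash) from the alphabet [./A-Za-z0-9]; 60 characters in total.
    private static final Pattern BCRYPT =
        Pattern.compile("^\\$2[abxy]?\\$\\d{2}\\$[./A-Za-z0-9]{53}$");

    /** True when s has the shape of a bcrypt hash; this cannot prove s was produced by bcrypt. */
    static boolean looksLikeBcrypt(String s) {
        return s != null && BCRYPT.matcher(s).matches();
    }

    /** Carries the state explicitly so the update path never has to guess from the string. */
    static final class Credential {
        final String value;
        final boolean hashed;

        private Credential(String value, boolean hashed) {
            this.value = value;
            this.hashed = hashed;
        }

        /** Anything arriving from a user or a form is plaintext, whatever it looks like. */
        static Credential raw(String plaintext) {
            return new Credential(plaintext, false);
        }

        /** Values loaded from storage must at least have the bcrypt shape. */
        static Credential stored(String hash) {
            if (!looksLikeBcrypt(hash)) {
                throw new IllegalArgumentException("stored value is not a bcrypt hash");
            }
            return new Credential(hash, true);
        }
    }

    public static void main(String[] args) {
        // Constructed 53-character filler standing in for salt + hash.
        String filler = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0";
        String hashShapedPassword = "$2a$10$" + filler; // a password a user could type

        System.out.println("plain password:       " + looksLikeBcrypt("my-new-password"));
        System.out.println("starts with $ only:   " + looksLikeBcrypt("$fdshjkfhdsfhdjkshfjdhfjd"));
        System.out.println("hash-shaped password: " + looksLikeBcrypt(hashShapedPassword));
        // The explicit flag still marks the user's input as unhashed, so it gets hashed.
        System.out.println("raw().hashed:         " + Credential.raw(hashShapedPassword).hashed);
    }
}
```

If the update path skipped hashing whenever the format check passed, the hash-shaped password above would be written to storage as plaintext.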