Questions tagged [jbcrypt]

The Java implementation of OpenBSD's Blowfish password hashing code.

jBCrypt is the Java implementation of OpenBSD's Blowfish password hashing code, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazières.

This system hashes passwords using a version of Bruce Schneier's Blowfish block cipher with modifications designed to raise the cost of off-line password cracking and frustrate fast hardware implementation. The computation cost of the algorithm is parameterised, so it can be increased as computers get faster. The intent is to make a compromise of a password database less likely to result in an attacker gaining knowledge of the plaintext passwords (e.g. using John the Ripper).

jBCrypt is licensed under an ISC/BSD licence (see the LICENSE file for details) and ships with a set of JUnit unit tests to verify correct operation of the library and compatibility with the canonical C implementation of the bcrypt algorithm.

The project home page is http://www.mindrot.org/projects/jBCrypt/.

39 questions

2 votes, 2 answers

Invalid salt revision when comparing Python generated hash with raw password in Java

So I've created a database which stores user information and their hashed password, which is hashed using a Python script using the bcrypt module. Now to login using my Java client, I am using the JBCrypt library included as a Maven dependency in my…
madcrazydrumma

2 votes, 1 answer

jBCrypt String index out of range: 0 error on starting app in Netbeans

I'm receiving the following error in the Apache logs when starting my application I've found BCrypt.checkpw() Invalid salt version exception But this is not a match as the passwords stored in the DB for my users are hashed and this error appears on…
Graham

2 votes, 1 answer

Should I use jBcrypt or PBKDF2 for password salting in Java?

Hello Everyone! I am still fairly new to Java programming, so please forgive me if this question is not thorough enough. I am trying to find a way to salt and hash my passwords in Java for a web app that requires a password login. I tried to use the…
Perdue

2 votes, 1 answer

jBCrypt dependency not working

I am using heroku embedded tomcat for my web application. In my user registration page, I have function : private static String hashPwd(String pwd) { return BCrypt.hashpw(pwd, BCrypt.gensalt()); } I added this dependency in…
Bhavik

2 votes, 0 answers

Why jbcrypt does not need a salt at comparison

I am currently looking for a library to store a salted, hashed password in a web app. I came across mindrot's jbcrypt and think it might be the right choice (also see…
Christian

2 votes, 1 answer

Unable to validate passwordhash+salt created using php password_hash() using jBcrypt

We are migrating our authentication module from PHP to Java. Currently the password hash+salt is stored in the database using BCrypt algorithm. This value is generated by using PHP's password_hash() function. For validating plain text password, we…
Jayakrishnan GK

2 votes, 1 answer

jBCrypt 0.3 C# Port (BCrypt.net)

After looking into a bug in the original jBCrypt v0.1 C# port: BCrypt.net (Related Question). I decided to compare the new jBCrypt code against the old C# port to look for discrepancies and potential issues like the related question's bug. Here is…
David Murdoch

2 votes, 1 answer

Is jBCrypt's default log_rounds still appropriate for 2013

I've been using jBCrypt version 0.3 out-of-the-box now since it came out in 2010. I use the default getsalt() method which sets the number of "log_rounds" to 10. Given the progression of password cracking hardware and methods, is this value still…
pjklauser

1 vote, 1 answer

Why is org.mindrot.JBCrypt saying Bad salt length here?

Example is worth a thousand words, hopefully. In case it doesn't, here're a couple tests to hash the plainText hello world using a salt seed static seed to be used in the first test and static seed to be usedd in the second test. Salt seed is used…
user3758745

1 vote, 1 answer

jBCrypt checkpw returns true even though passwords are different

I'm pretty much sure I must be doing something completely wrong, but why is this test failing for the last two assertions? Two relatively similar, but nevertheless different Strings (basically JWT) test ok with the hashes of the other? @Test public…
Alex

1 vote, 1 answer

Downloaded jbcrypt, how do I install it in an existing netbeans project?

Downloaded here: http://www.mindrot.org/projects/jBCrypt/ Now I have a jbcrypt file, how do I import it into my existing netbeans project? Googled for a bit but couldn't find anything on how to do this.
John Doe

1 vote, 1 answer

Check if a string has been hashed with BCrypt or not

I am using the Java implementation of BCrypt and I want to test if a string has already been hashed with BCrypt. Is it possible to do that? I couldn't find anything. It would work like this if (!BCrypt.hasBeenHashed(myString)) { return…
c4k

1 vote, 1 answer

Is Spring Security's BCrypt implementation vulnerable?

A security audit at our company found that the prefix of our bcrypt hashes are "$2a$". According to [1] and [2] this could indicate that an older, vulnerable bcrypt implementation is used. So - here my questions: Does Spring Security's bcrypt…
derkoe

1 vote, 2 answers

BCrypt vs PBKDF2WithHmacSHA1

In order to hash passwords securely, which algorithm should I use? BCrypt or PBKDF2WithHmacSHA1? Which is more secure? PBKDF2WithHmacSHA1 is built into Java while BCrypt is available via jBCrypt library (which has mostly received positive…
Pratanu Mandal

1 vote, 0 answers

Can I safely change jBcrypt's algorithm identifier to y?

Due to a vulnerability in php the algorithm prefix was changed from a to y. More detail here: http://blog.ircmaxell.com/2012/12/seven-ways-to-screw-up-bcrypt.html . I've checked and jbcrypt is producing $2a$... hashes. It seems as though it is not…
chacham15