Tagged: bcrypt

Gradle: Hello world Java with a fat jar

Create your build.gradle with your dependencies and a jar section that collects all your libraries into the jar and sets the Main class file.

apply plugin: 'java'

repositories {

dependencies {
    compile 'org.mindrot:jbcrypt:0.3m'

jar {
    from {
        (configurations.runtime).collect {
            it.isDirectory() ? it : zipTree(it)
    manifest {
        attributes("Main-Class": "Main" )

Now create a basic hello world, using the library we imported:

import org.mindrot.jbcrypt.BCrypt;

public class Main {
        public static void main(String[] args) {
                String password = BCrypt.hashpw("password", BCrypt.gensalt(10));

Now build and run your jar:

$ gradle clean build && java -jar build/libs/THE_NAME_OF_YOUR_JAR.jar
java gradle fat-jar jar bcrypt

Java: Using bcrypt to salt passwords

If you’re storing passwords, don’t simply hash them, use bcrpyt.

Bcrypt was designed salt passwords in a way which makes it incredibly resource and time expensive to crack. See http://en.wikipedia.org/wiki/Bcrypt

jBcrypt is the Java implementation. Salt a password like so:

    String password = BCrypt.hashpw("password", BCrypt.gensalt(12));

The number in the gen salt method specifies the number of rounds of hashing to apply.

The resulting salt is encoded in the password.

The check if a candidate string is the same as the hashed string, you can do the following

    BCrypt.checkpw(candidate, hashedValue);
java security bcrypt

Page 1 of 1