home.


Tagged: bcrypt


Gradle: Hello world Java with a fat jar

Create your build.gradle with your dependencies and a jar section that collects all your libraries into the jar and sets the Main class file.

apply plugin: 'java'

repositories {
   mavenCentral()
}

dependencies {
    compile 'org.mindrot:jbcrypt:0.3m'
}

jar {
    from {
        (configurations.runtime).collect {
            it.isDirectory() ? it : zipTree(it)
        }
    }
    manifest {
        attributes("Main-Class": "Main" )
    }
}

Now create a basic hello world, using the library we imported:

import org.mindrot.jbcrypt.BCrypt;

public class Main {
        public static void main(String[] args) {
                String password = BCrypt.hashpw("password", BCrypt.gensalt(10));
                System.out.println(password);
        }
}

Now build and run your jar:

$ gradle clean build && java -jar build/libs/THE_NAME_OF_YOUR_JAR.jar
...
$2a$10$R6q8LOed8LqXCOIhBnzhMecyebv/8v1urKjU76JMJGUctnZ8VkyZu
java gradle fat-jar jar bcrypt

Java: Using bcrypt to salt passwords

If you’re storing passwords, don’t simply hash them, use bcrpyt.

Bcrypt was designed salt passwords in a way which makes it incredibly resource and time expensive to crack. See http://en.wikipedia.org/wiki/Bcrypt

jBcrypt is the Java implementation. Salt a password like so:

    String password = BCrypt.hashpw("password", BCrypt.gensalt(12));

The number in the gen salt method specifies the number of rounds of hashing to apply.

The resulting salt is encoded in the password.

The check if a candidate string is the same as the hashed string, you can do the following

    BCrypt.checkpw(candidate, hashedValue);
java security bcrypt

Page 1 of 1