Java: Using bcrypt to salt passwords

If you're storing passwords, don't simply hash them, use bcrpyt.

Bcrypt was designed salt passwords in a way which makes it incredibly resource and time expensive to crack. See

jBcrypt is the Java implementation. Salt a password like so:

	String password = BCrypt.hashpw("password", BCrypt.gensalt(12));

The number in the gen salt method specifies the number of rounds of hashing to apply.

The resulting salt is encoded in the password.

The check if a candidate string is the same as the hashed string, you can do the following

	BCrypt.checkpw(candidate, hashedValue);
java bcrypt

Edit on github
comments powered by Disqus
Click me