| 1 | +# JBCrypt |
| 2 | +jBCrypt is an implementation the OpenBSD Blowfish password hashing algorithm, |
| 3 | +as described in ["A Future-Adaptable Password |
| 4 | +Scheme"](http://www.openbsd.org/papers/bcrypt-paper.ps) by Niels Provos and |
| 5 | +David Mazieres. |
| 6 | + |
| 7 | +This system hashes passwords using a version of Bruce Schneier's Blowfish block |
| 8 | +cipher with modifications designed to raise the cost of off-line password |
| 9 | +cracking. The computation cost of the algorithm is parameterised, so it can be |
| 10 | +increased as computers get faster. |
| 11 | + |
| 12 | +JUnit regression tests are available in in TestBCrypt.java |
| 13 | + |
| 14 | +jBCrypt is licensed under a ISC/BSD licence. See the LICENSE file for details. |
| 15 | + |
| 16 | +Please report bugs to Damien Miller <[email protected]>. Please check the |
| 17 | +TODO file first, in case your problem is something I already know about |
| 18 | +(please send patches!) |
| 19 | + |
| 20 | +A simple example that demonstrates most of the features: |
| 21 | + |
| 22 | + // Hash a password for the first time |
| 23 | + String hashed = BCrypt.hashpw(password, BCrypt.gensalt()); |
| 24 | + |
| 25 | + // gensalt's log_rounds parameter determines the complexity |
| 26 | + // the work factor is 2**log_rounds, and the default is 10 |
| 27 | + String hashed = BCrypt.hashpw(password, BCrypt.gensalt(12)); |
| 28 | + |
| 29 | + // Check that an unencrypted password matches one that has |
| 30 | + // previously been hashed |
| 31 | + if (BCrypt.checkpw(candidate, hashed)) |
| 32 | + System.out.println("It matches"); |
| 33 | + else |
| 34 | + System.out.println("It does not match"); |
| 35 | + |
| 36 | +There is also a [C#/.NET port by Derek Slager](http://derekslager.com/blog/posts/2007/10/bcrypt-dotnet-strong-password-hashing-for-dotnet-and-mono.ashx) |
| 37 | + |
| 38 | + |
| 39 | +# Package notes |
| 40 | + |
| 41 | +This is an alternative distribution of [jBCrypt](http://www.mindrot.org/projects/jBCrypt). It has been |
| 42 | +packaged to ease use in existing applications — especially those using |
| 43 | +Apache Maven. |
| 44 | + |
| 45 | +The code is unchanged from the original jBCrypt 0.3, however: |
| 46 | + |
| 47 | +- The classes have been moved to a java package to avoid pollution of the |
| 48 | + global namespace. *org.mindrot* was chosen to reflect their original origin. |
| 49 | +- The JBCrypt class javadoc has been changed to version 0.3. The official |
| 50 | + package incorrectly contains 0.2 as the stated version. |
| 51 | +- A pom.xml file has been added for use with Maven |
| 52 | + |
| 53 | +## Maven setup |
| 54 | + |
| 55 | +Install it to your local Maven repository: |
| 56 | + |
| 57 | + mvn clean javadoc:jar source:jar install |
| 58 | + |
| 59 | +Use it in your project by adding the following to your project *pom.xml*: |
| 60 | + |
| 61 | + <dependency> |
| 62 | + <groupId>org.mindrot</groupId> |
| 63 | + <artifactId>jbcrypt</artifactId> |
| 64 | + <version>0.3</version> |
| 65 | + </dependency> |
| 66 | + |
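Review bot: The usage example at README lines 22-27 declares `String hashed` twice in the same scope, so the snippet does not compile if pasted as one block; give the second variable a different name or mark the two `hashpw` calls as alternatives. The example also shows no import, although the package notes at lines 47-48 say the classes now live in a Java package, so add the import line a caller needs. Line 45 says the code is "unchanged" and then lists a package move and a javadoc edit; wording such as "functionally unchanged" would tell readers who compare against upstream 0.3 to expect differing sources. Typos: line 2 is missing "of" ("an implementation of the OpenBSD ...") and line 12 has "in in".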