Statements
In order to produce an hash with any of the algorithms included in Password4j, you can build a statement based on dot-notation as it follows:
Hash hash = Password.hash(password)
// choose none or one of the following to:
.addSalt(customSalt) // add a user-defined salt
.addRandomSalt(length) // a random salt with a user-defined length
.addRandomSalt() // a random salt of 64 bytes
// choose none or one of the following to:
.addPepper(customPepper) // add a user-defined pepper
.addPepper() // add the pepper defined in psw4j.properties file
// choose one of the following to:
.withXXX() // hash with a function defined in the psw4j.properties file (replace XXX with the name of the function)
.with(function); // hash with a user-defined functionReplace withXXX() with:
-
withPBKDF2()for PBKDF2 -
withCompressedPBKDF2()for Compressed PBKDF2 -
withBCrypt()for bcrypt -
withSCrypt()for scrypt -
withArgon2()for Argon2 - (legacy)
withMessageDigest()for message digests
In order to verify an hash against a user password with any of the algorithms included in Password4j, you can build a statement based on dot-notation as it follows:
boolean verified = Password.check(hash, password)
// choose none or one of the following to:
.addSalt(customSalt) // add a user-defined salt
.addRandomSalt(length) // a random salt with a user-defined length
.addRandomSalt() // a random salt of 64 bytes
// choose none or one of the following to:
.addPepper(customPepper) // add a user-defined pepper
.addPepper() // add the pepper defined in psw4j.properties file
// choose one of the following to:
.withXXX() // check with a function defined in the psw4j.properties file
.with(function); // check with a user-defined functionReplace withXXX() with:
-
withPBKDF2()for PBKDF2 -
withCompressedPBKDF2()for Compressed PBKDF2 -
withBCrypt()for bcrypt -
withSCrypt()for scrypt -
withArgon2()for Argon2 - (legacy)
withMessageDigest()for message digests
In order to verify an hash against a user password with any of the algorithms included in Password4j and hash the same password with a different configuration if the check passes, you can build a statement based on dot-notation as it follows:
HashUpdate update = Password.check(hash, password)
... // same as check()
.andUpdate()
// choose none or one of the following to:
.addNewSalt(customSalt) // add a user-defined salt
.addNewRandomSalt(length) // a random salt with a user-defined length
.addNewRandomSalt() // a random salt of 64 bytes
// if none has been chosen then the old salt is preserved
// choose none or one of the following to:
.addNewPepper(customPepper) // add a user-defined pepper
.addNewPepper() // add the pepper defined in psw4j.properties file
// if none has been chosen then the old pepper is preserved
// choose one of the following to:
.withXXX(function) // check with a function defined in the psw4j.properties file and hash with a user-defined function
.with(oldF, newF); // check with a user-defined function and hash with a different user-defined functionReplace withXXX(function) with:
-
withPBKDF2(function)for PBKDF2 -
withCompressedPBKDF2(function)for Compressed PBKDF2 -
withBCrypt(function)for bcrypt -
withSCrypt(function)for scrypt -
withArgon2(function)for Argon2 - (legacy)
withMessageDigest(function)for message digests
