-
Notifications
You must be signed in to change notification settings - Fork 27
Usage of Password4j
David Bertoldi edited this page Feb 18, 2021
·
6 revisions
Password4j uses 3 verbs:
-
hash
in order to hash a plain text password -
check
in order to check and hash against a plain text password -
update
in order to update an hash after it is checked.
A possible statement is
Hash hash = Password.hash(plaintTextPassword)
.addNewRandomSalt()
.addPepper(somePepper)
.withSCrypt();
which hashes a plainTextPassword
with scrypt prepending somePepper
and adding a randomly generated salt.
Aside from indentation, this is just a one line of Java code!
For more information about Password4j statements, see here.
An object of type Hash
is always returned when you use the hash
verb. For example:
Hash hash = Password.hash(plainTextPassword)...
It always contains:
Attribute | Example |
---|---|
The computed hash as String
|
hash.getResult() |
The computed hash as byte[]
|
hash.getBytes() |
The salt used during the computation as String
|
hash.getSalt() |
The pepper used for the computation as CharSequence
|
hash.getPepper() |
A singleton instance of the HashingFunction used for the computation |
hash.getHashingFunction() |
An object of type HashUpdate
is always returned when you use the update
verb. For example:
HashUpdate update = Password.check(hash, plainTextPassword)...andUpdate()...
It always contains:
Attribute | Example |
---|---|
A boolean which tells if the check is passed. |
update.isVerified() |
An Hash object containing the information of the refreshed hash. If the check has not passed, this is null . |
update.getHash() |