-
Notifications
You must be signed in to change notification settings - Fork 34
Statements
David Bertoldi edited this page Feb 18, 2021
·
3 revisions
In order to produce an hash with any of the algorithms included in Password4j, you can build a statement based on dot-notation as it follows:
Hash hash = Password.hash(password)
// choose none or one of the following to:
.addSalt(customSalt) // add a user-defined salt
.addRandomSalt(length) // a random salt with a user-defined length
.addRandomSalt() // a random salt of 64 bytes
// choose none or one of the following to:
.addPepper(customPepper) // add a user-defined pepper
.addPepper() // add the pepper defined in psw4j.properties file
// choose one of the following to:
.withXXX() // hash with a function defined in the psw4j.properties file (replace XXX with the name of the function)
.with(function); // hash with a user-defined function
Replace withXXX()
with:
-
withPBKDF2()
for PBKDF2 -
withCompressedPBKDF2()
for Compressed PBKDF2 -
withBCrypt()
for bcrypt -
withSCrypt()
for scrypt -
withArgon2()
for Argon2 - (legacy)
withMessageDigest()
for message digests
In order to verify an hash against a user password with any of the algorithms included in Password4j, you can build a statement based on dot-notation as it follows:
boolean verified = Password.check(hash, password)
// choose none or one of the following to:
.addSalt(customSalt) // add a user-defined salt
.addRandomSalt(length) // a random salt with a user-defined length
.addRandomSalt() // a random salt of 64 bytes
// choose none or one of the following to:
.addPepper(customPepper) // add a user-defined pepper
.addPepper() // add the pepper defined in psw4j.properties file
// choose one of the following to:
.withXXX() // check with a function defined in the psw4j.properties file
.with(function); // check with a user-defined function
Replace withXXX()
with:
-
withPBKDF2()
for PBKDF2 -
withCompressedPBKDF2()
for Compressed PBKDF2 -
withBCrypt()
for bcrypt -
withSCrypt()
for scrypt -
withArgon2()
for Argon2 - (legacy)
withMessageDigest()
for message digests
In order to verify an hash against a user password with any of the algorithms included in Password4j and hash the same password with a different configuration if the check passes, you can build a statement based on dot-notation as it follows:
HashUpdate update = Password.check(hash, password)
... // same as check()
.andUpdate()
// choose none or one of the following to:
.addNewSalt(customSalt) // add a user-defined salt
.addNewRandomSalt(length) // a random salt with a user-defined length
.addNewRandomSalt() // a random salt of 64 bytes
// if none has been chosen then the old salt is preserved
// choose none or one of the following to:
.addNewPepper(customPepper) // add a user-defined pepper
.addNewPepper() // add the pepper defined in psw4j.properties file
// if none has been chosen then the old pepper is preserved
// choose one of the following to:
.withXXX(function) // check with a function defined in the psw4j.properties file and hash with a user-defined function
.with(oldF, newF); // check with a user-defined function and hash with a different user-defined function
Replace withXXX(function)
with:
-
withPBKDF2(function)
for PBKDF2 -
withCompressedPBKDF2(function)
for Compressed PBKDF2 -
withBCrypt(function)
for bcrypt -
withSCrypt(function)
for scrypt -
withArgon2(function)
for Argon2 - (legacy)
withMessageDigest(function)
for message digests