Skip to content

sonOfRa/pwhash

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

108 Commits

.mvn/wrapper

.mvn/wrapper

 
 

examples

examples

 
 

pwhash-core

pwhash-core

 
 

pwhash-migrationtest

pwhash-migrationtest

 
 

pwhash-pbkdf2

pwhash-pbkdf2

 
 

src/site

src/site

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

mvnw

mvnw

 
 

mvnw.cmd

mvnw.cmd

 
 

pom.xml

pom.xml

 
 

Repository files navigation

Build Status Quality Gate SonarCloud Coverage SonarCloud Bugs SonarCloud Vulnerabilities

UNMAINTAINED

I am no longer actively maintaining this project. As far as I know, it never gained any users and is generally of limited usefulness because most web frameworks bring their own hashing mechanisms these days.

pwhash

Pwhash is a library inspired by password_hash() family of function in the PHP standard library. It is meant to offer modern password hashing algorithms to be used by a unified interface allowing simple hashing, verification and upgrading of existing hashes

Supported algorithms

For now, it is planned to support argon2 and bcrypt as modern password hashing algorithms. The interface can be extended to easily include newer strategies if they become available.

Modern

Argon2

For argon2, this library uses this library. It comes in two flavors, one with the native libraries bundled, and one without the native libraries bundled. This is why the dependency to it is listed as provided in the pom. This means that when depending on this library, you also need to depend on either

<dependency>
    <groupId>de.mkammerer</groupId>
    <artifactId>argon2-jvm-nolibs</artifactId>
</dependency>

or

<dependency>
    <groupId>de.mkammerer</groupId>
    <artifactId>argon2-jvm</artifactId>
</dependency>

If you depend on the former, you will need to install the argon2 native libraries on your system. If you depend on the latter, they will come bundled with the JVM library.

Bcrypt

Bcrypt is supported via jBcrypt

Compatibility

PBKDF2

PBKDF2 is supported for use with older, existing password hashes. It should not be used for new applications. Currently, the library supports the flavors using SHA512, SHA256 and SHA1.

Maven dependency

Release version

The root pom.xml of this project functions as a BOM. In order to use it, add this to your <dependencyManagement> section in your pom.xml

<dependencyManagement>
    <dependency>
        <groupId>de.slevermann</groupId>
        <artifactId>pwhash</artifactId>
        <version>3.0.0</version>
        <scope>import</scope>
        <type>pom</type>
    </dependency>
</dependencyManagement>

After this, you can define your dependencies without specifying versions, as they are handled by the BOM. For core support, you need to depend on

<dependency>
    <groupId>de.slevermann</groupId>
    <artifactId>pwhash-core</artifactId>
</dependency>

and your choice of one argon2 provider as listed above.

If you also need PBKDF2 support for legacy reasons, use

<dependency>
    <groupId>de.slevermann</groupId>
    <artifactId>pwhash-pbkdf2</artifactId>
</dependency>

Development version

For the current development snapshot version, use

<dependency>
    <groupId>de.slevermann</groupId>
    <artifactId>pwhash</artifactId>
    <version>3.1.0-SNAPSHOT</version>
    <scope>import</scope>
    <type>pom</type>
</dependency>

About

A PHP-inspired password hashing library for Java

pwhash.slevermann.de

Resources

Readme

License

View license
Activity

Stars

3 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 5

Version 3.0.0 Latest
Feb 4, 2018
+ 4 releases

Packages

No packages published

Languages