I am no longer actively maintaining this project. As far as I know, it never gained any users and is generally of limited usefulness because most web frameworks bring their own hashing mechanisms these days.
Pwhash is a library inspired by the password_hash() family of functions in the PHP standard library. It is meant to offer modern password hashing algorithms through a unified interface, allowing simple hashing, verification and upgrading of existing hashes.
For now, it is planned to support argon2 and bcrypt as modern password hashing algorithms. The interface can be extended to easily include newer strategies if they become available.
For argon2, this library uses the argon2-jvm library. It comes in two flavors: one with the native libraries bundled, and one without. This is why the dependency on it is listed as provided in the pom. This means that when depending on this library, you also need to depend on either
<dependency>
<groupId>de.mkammerer</groupId>
<artifactId>argon2-jvm-nolibs</artifactId>
</dependency>
or
<dependency>
<groupId>de.mkammerer</groupId>
<artifactId>argon2-jvm</artifactId>
</dependency>
If you depend on the former, you will need to install the argon2 native libraries on your system. If you depend on the latter, they will come bundled with the JVM library.
Bcrypt is supported via jBcrypt.
PBKDF2 is supported for use with older, existing password hashes. It should not be used for new applications. Currently, the library supports the flavors using SHA512, SHA256 and SHA1.
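The upgrade path for legacy PBKDF2 hashes described above, as an added example (this is not pwhash's own API or code): it verifies a PBKDF2-SHA1 hash with the JDK and re-hashes with jBCrypt after a successful login. The storage format `pbkdf2-sha1$iterations$salt$hash`, the class and method names, and the bcrypt cost of 12 are assumptions made for the illustration; jBCrypt must be on the classpath.

```java
import org.mindrot.jbcrypt.BCrypt;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class UpgradeOnLogin {
    // Constructed legacy format (assumption): "pbkdf2-sha1$<iterations>$<base64 salt>$<base64 hash>"
    static byte[] pbkdf2(char[] pw, byte[] salt, int iter, int lenBytes) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, lenBytes * 8);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the password copy held by the key spec
        }
    }

    static boolean verify(String stored, String password) throws Exception {
        if (stored.startsWith("$2")) return BCrypt.checkpw(password, stored); // already bcrypt
        String[] p = stored.split("\\$");
        if (p.length != 4 || !p[0].equals("pbkdf2-sha1")) return false;
        byte[] salt = Base64.getDecoder().decode(p[2]);
        byte[] expected = Base64.getDecoder().decode(p[3]);
        byte[] actual = pbkdf2(password.toCharArray(), salt, Integer.parseInt(p[1]), expected.length);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    static boolean needsRehash(String stored) { return !stored.startsWith("$2"); }

    /** Returns the hash to store after a login attempt, or null if the password is wrong. */
    static String login(String stored, String password) throws Exception {
        if (!verify(stored, password)) return null;
        return needsRehash(stored) ? BCrypt.hashpw(password, BCrypt.gensalt(12)) : stored;
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        String legacy = "pbkdf2-sha1$10000$" + b64.encodeToString(salt) + "$"
                + b64.encodeToString(pbkdf2("s3cret".toCharArray(), salt, 10000, 20));
        String upgraded = login(legacy, "s3cret");      // legacy hash is replaced by bcrypt
        System.out.println(upgraded.startsWith("$2a$12$"));
        System.out.println(login(legacy, "wrong") == null);
        System.out.println(upgraded.equals(login(upgraded, "s3cret")));
    }
}
```

The plaintext password is only available at login time, which is why the upgrade has to happen there rather than in a batch migration.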
The root pom.xml of this project functions as a BOM. In order to use it, add this to the <dependencyManagement> section in your pom.xml:
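<dependencyManagement>
  <dependencies>
    <!-- Import the pwhash BOM so module versions are managed centrally -->
    <dependency>
      <groupId>de.slevermann</groupId>
      <artifactId>pwhash</artifactId>
      <version>3.0.0</version>
      <scope>import</scope>
      <type>pom</type>
    </dependency>
  </dependencies>
</dependencyManagement>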
After this, you can define your dependencies without specifying versions, as they are handled by the BOM. For core support, you need to depend on
<dependency>
<groupId>de.slevermann</groupId>
<artifactId>pwhash-core</artifactId>
</dependency>
and your choice of one argon2 provider as listed above.
If you also need PBKDF2 support for legacy reasons, use
<dependency>
<groupId>de.slevermann</groupId>
<artifactId>pwhash-pbkdf2</artifactId>
</dependency>
For the current development snapshot version, use this BOM import in your <dependencyManagement> section instead:
<dependency>
<groupId>de.slevermann</groupId>
<artifactId>pwhash</artifactId>
<version>3.1.0-SNAPSHOT</version>
<scope>import</scope>
<type>pom</type>
</dependency>