Usage of Password4j - Password4j/password4j GitHub Wiki
Password4j uses 3 verbs:
hashin order to hash a plain text passwordcheckin order to check and hash against a plain text passwordupdatein order to update an hash after it is checked.
A possible statement is
Hash hash = Password.hash(plaintTextPassword)
.addNewRandomSalt()
.addPepper(somePepper)
.withSCrypt();
which hashes a plainTextPassword with scrypt prepending somePepper and adding a randomly generated salt.
Aside from indentation, this is just a one line of Java code!
For more information about Password4j statements, see here.
The Hash object
An object of type Hash is always returned when you use the hash verb. For example:
Hash hash = Password.hash(plainTextPassword)...
It always contains:
| Attribute | Example |
|---|---|
The computed hash as String |
hash.getResult() |
The computed hash as byte[] |
hash.getBytes() |
The salt used during the computation as String |
hash.getSalt() |
The pepper used for the computation as CharSequence |
hash.getPepper() |
A singleton instance of the HashingFunction used for the computation |
hash.getHashingFunction() |
The HashUpdate object
An object of type HashUpdate is always returned when you use the update verb. For example:
HashUpdate update = Password.check(hash, plainTextPassword)...andUpdate()...
It always contains:
| Attribute | Example |
|---|---|
A boolean which tells if the check is passed. |
update.isVerified() |
An Hash object containing the information of the refreshed hash. If the check has not passed, this is null. |
update.getHash() |