// Copyright (c) 2006 Damien Miller
//
// Permission to use copy modify and distribute this software for any
// purpose with or without fee is hereby granted provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED “AS IS“ AND THE AUTHOR DISCLAIMS ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
// ANY SPECIAL DIRECT INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN
// ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
package entity;
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
/**
* BCrypt implements OpenBSD-style Blowfish password hashing using
* the scheme described in “A Future-Adaptable Password Scheme“ by
* Niels Provos and David Mazieres.
*
* This password hashing system tries to thwart off-line password
* cracking using a computationally-intensive hashing algorithm
* based on Bruce Schneier‘s Blowfish cipher. The work factor of
* the algorithm is parameterised so it can be increased as
* computers get faster.
*
* Usage is really simple. To hash a password for the first time
* call the hashpw method with a random salt like this:
*
*
* String pw_hash = BCrypt.hashpw(plain_password BCrypt.gensalt());
*
*
* To check whether a plaintext password matches one that has been
* hashed previously use the checkpw method:
*
*
* if (BCrypt.checkpw(candidate_password stored_hash))
* System.out.println(“It matches“);
* else
* System.out.println(“It does not match“);
*
*
* The gensalt() method takes an optional parameter (log_rounds)
* that determines the computational complexity of the hashing:
*
*
* String strong_salt = BCrypt.gensalt(10)
* String stronger_salt = BCrypt.gensalt(12)
*
*
* The amount of work increases exponentially (2**log_rounds) so
* each increment is twice as much work. The default log_rounds is
* 10 and the valid range is 4 to 30.
*
* @version 0.2
*/
public class BCrypt {
// BCrypt parameters
private static final int GENSALT_DEFAULT_LOG2_ROUNDS = 10;
private static final int BCRYPT_SALT_LEN = 16;
// Blowfish parameters
private static final int BLOWFISH_NUM_ROUNDS = 16;
// Initial contents of key schedule
private static final int P_orig[] = {
0x243f6a88 0x85a308d3 0x13198a2e 0x03707344
0xa4093822 0x299f31d0 0x082efa98 0xec4e6c89
0x452821e6 0x38d01377 0xbe5466cf 0x34e90c6c
0xc0ac29b7 0xc97c50dd 0x3f84d5b5 0xb5470917
0x9216
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容, 请发送邮件举报,一经查实,本站将立刻删除。
评论列表(条)