ufsimple.blogg.se - Encryption project of swing java

If two users have the same password they will not have the same password hash. Salted hashing - Generating random bytes (the salt) and combining it with the password before hashing creates unique hashes across each user's password.One way hashing - BCrypt is a one-way hash function to obfuscate the password such that it is not stored in plain text.

Unfortunately, a lot of users share passwords across websites.

Not plain text - Not only do plain text passwords compromise your website if the database is breached but they can also compromise other websites for the users.

jBCrypt is a Java implementation of BCrypt. Algorithms such as PBKDF2 could be used as a more thoroughly tested algorithm but BCrypt is commonly used as well. It wouldn't be accurate to say BCrypt is the best way to store passwords but it should be good enough. It provides several enhancements over plain text passwords (unfortunately this still happens quite often) and traditional hashing algorithms (md5). BCrypt is a one-way salted hash function based on the Blowfish cipher.