Java Password Hashing (Bcrypt)

-

This article is an extension of the Python Password Hashing article which explains some of the flaws in traditional password hashing and how it can be mitigated with salting. The article can be found here: https://vinsloev.blogspot.com/2019/07/python-password-hashing-bcrypt.html

 As an introduction to this article a short explanation of password hashing in general can be found below.

 A hash is designed to act as ”one-way-function” making it easy to perform but very hard to reverse. The reason why this is so beneficial when it comes to password managing and login handling, is because it allows the developers to convert the original password into a unique phrase that can be stored in the database. By using a hash function the application don’t have to match the original password in clear text with the password given upon login as it does not know what that password is. Instead it only need to know what hashing function where used and then see if the password entered generates the same hash value as the one saved in the database. This little trick provides the same login functionality as when all passwords were in clear text but the difference here is that now it’s only the user who knows exactly what the password is.

 With a firm understanding of Password Hashing its time to see how such can be utilized in Java using the Bcrypt library. 

 First we will create a Class called bcrypt with the following code:
import org.springframework.security.crypto.bcrypt.BCrypt;
public class bcrypt {
    private String password = "thomas123";
    private String hashedPassword = BCrypt.hashpw(password, BCrypt.gensalt(10));
    public void checkPass(String password) {
        if(BCrypt.checkpw(password, hashedPassword)) {
            System.out.println("Match");        } else {
            System.out.println("No Match");        }
    }

}

 In the above code we have declared a variable called password, which is the password we are going to hash, next we call the BCrypt.hashpw() method using the declared password and a generated salt value. 

 Following the hashedPassword variable we creates a method called checkPass with a simple conditional statement that will output a valued based on wether the password we give as a input parameter matched the one we hashed.

 The last thing we have to do is then to call our checkPass method with a String value.

 
public class main {

    public static void main(String [] args)
    {
        bcrypt bcrypt = new bcrypt();        bcrypt.checkPass("thomas123");    }
}

 Using the above main class our output is evaluated to "Match" since both the hashed password and inputted parameter value are identical.

Kommentarer

Send en kommentar

Populære opslag fra denne blog

Artificial Intelligence - How it could lead to a greener and healthier world

-
Billede
This article is inspired by:  https://blogs.ei.columbia.edu/2018/06/05/artificial-intelligence-climate-environment/ One of the most discussed topics of this decade is without doubt global warming and how the climate changes are impacting our way of life. The general tempature is rising and the weather is getting more extreme. Its therefore vital that we find the most effecient solutions within the next decades if we are to save the next generations from living with the mistakes of the past. Many solutions do already exists to decrease the overall consumption of oil and gas, however most of these are either very expensive to implement or require us to rethink our daily habits. It's therefore important that we are as effecient as possible when it comes to managing the impact of climate changes and implementing countering solutions. To achieve such a new tool has been presented which we are only starting the see the real possibilties of namly Artifical Intelligence.  To discu
Læs mere

Uber Technology Stack

-
Billede
The Content of this blog post is based on:  https://eng.uber.com/tech-stack-part-one/ Almost everyone in the western world is familiar with the app called Uber. Uber is without doubt the most popular service of reliable transportation. By focusing entirely on mobile platforms they are a so called next generation company, which takes advantages of how a simple application build up around a strong inovative idea can make an impact on millions of people around the world. However a good idea and a great UI can't stand alone, especially not when dealing with such a large user base. In this blog post we will try break down the technology stack used in Uber. As Ubers user base has grown with such a rapid speed, they now face similar global scaling problems as some of the most successful software companies. The infrastructure and storage of Uber has therefore changed since their first launch and will most likely conteniue to do so as new solutions is found to optimize todays stand
Læs mere

REST API (Web API) Part 2 - Security

-
Billede
This post is part 2 in the series of REST API's using spring and spring boot. If you have not yet read part 1, then please do so in order to follow along the steps in this tutorial. However if you only wish to obtain the information about API Security and have no interest in building a rest service yourself using JAVA then feel free to read along. In order to secure a REST API or anything else for that matter, we need to have a formal understanding of what security is within this context. This tutorial will focus on security centered around Authentication and Authorization as this is what we are going to center our implementation around. Authentication Authentication is the act of proving the identity of who we are. So when someone is trying to access our REST API, we want to ensure that the caller can be identified and thereby only allow trusted users to access the service. The most basic way of authentication is by using a User/password approach which works if we trust tha
Læs mere