what is the best way to do hash passwords

Vedran V

unread,

Nov 13, 2015, 9:17:18 AM11/13/15

to play-framework

what is the best way to do hash passwords
I tried to use class play.libs.Crypto. encryptAES(String value). can someone write a simple example. thank you

raunak

unread,

Nov 13, 2015, 10:29:33 AM11/13/15

to play-framework

I've used JbCrypt in the past. Sample code from website below;

// Hash a password for the first time
String hashed = BCrypt.hashpw(password, BCrypt.gensalt());

// gensalt's log_rounds parameter determines the complexity
// the work factor is 2**log_rounds, and the default is 10
String hashed = BCrypt.hashpw(password, BCrypt.gensalt(12));

// Check that an unencrypted password matches one that has
// previously been hashed
if (BCrypt.checkpw(candidate, hashed))
	System.out.println("It matches");
else
	System.out.println("It does not match");

Vedran V

unread,

Nov 13, 2015, 1:41:14 PM11/13/15

to play-framework

thank you

Matthias Kurz

unread,

Nov 13, 2015, 5:46:14 PM11/13/15

to play-framework

Have a look at http://www.jasypt.org/.

Will Sargent

unread,

Nov 13, 2015, 9:22:55 PM11/13/15

to play-framework

Please don't use jascrypt -- it's not a standard password hashing scheme.

You should not use Crypto.encryptAES for hashing passwords.

You should use bcrypt -- jBcrypt is the Java implementation of bcrypt.

Sent from Outlook

--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/ff349744-0207-4f41-8f61-fad6967787cb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward