BCrypt.checkpw() Invalid salt version exception

前端 未结 7 1572
一生所求
一生所求 2021-02-05 05:45

I\'m trying to implement authentication using BCrypt, in my Play 2.1. Java application, but I\'m getting Invalid salt version exception when I\'m trying to authenti

相关标签:
7条回答
  • 2021-02-05 06:16

    jBcrypt is too old and actually unmaintained. Please consider switching to a new implementation of that library to handle the new $2y$ versions.

    I solved this using this pure Java library https://github.com/patrickfav/bcrypt, adding it in my current Scala project.

    With the following function I can finally verify the hashes created with VERSION_2Y:

      /**
        * Verifies an encrypted password against the expected value
        *
        * @link https://github.com/patrickfav/bcrypt
        * @param hash The hashed password (encypted with BCrypt version $2Y$)
        * @param password The unencrypted password string
        */
      private def verifyBcryptHash(hash: String, password: String): Boolean = {
        if (hash == null || hash.trim.isEmpty)
          false
        else
          BCrypt
            .verifyer()
            .verifyStrict(
              password.toCharArray(),
              hash.toCharArray(),
              BCrypt.Version.VERSION_2Y
            )
            .verified
      }
    
    0 讨论(0)
提交回复
热议问题