Class/Object

com.mohiva.play.silhouette.password

BCryptSha256PasswordHasher

Related Docs: object BCryptSha256PasswordHasher | package password

Permalink

class BCryptSha256PasswordHasher extends BCryptPasswordHasher

Implementation of the password hasher based on BCrypt.

The designers of bcrypt truncate all passwords at 72 characters which means that bcrypt(password_with_100_chars) == bcrypt(password_with_100_chars[:72]). The original BCryptPasswordHasher does not have any special handling and thus is also subject to this hidden password length limit. BCryptSha256PasswordHasher fixes this by first hashing the password using sha256. This prevents the password truncation and so should be preferred over the BCryptPasswordHasher. The practical ramification of this truncation is pretty marginal as the average user does not have a password greater than 72 characters in length and even being truncated at 72 the compute powered required to brute force bcrypt in any useful amount of time is still astronomical. Nonetheless, we recommend you use BCryptSha256PasswordHasher anyway on the principle of "better safe than sorry".

See also

https://crypto.stackexchange.com/questions/24993/is-there-a-way-to-use-bcrypt-with-passwords-longer-than-72-bytes-securely

https://docs.djangoproject.com/en/1.10/topics/auth/passwords/#using-bcrypt-with-django

gensalt

Linear Supertypes
BCryptPasswordHasher, PasswordHasher, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. BCryptSha256PasswordHasher
  2. BCryptPasswordHasher
  3. PasswordHasher
  4. AnyRef
  5. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Instance Constructors

  1. new BCryptSha256PasswordHasher(logRounds: Int = 10)

    Permalink

    logRounds

    The log2 of the number of rounds of hashing to apply.

Value Members

  1. final def !=(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any

  2. final def ##(): Int

    Permalink
    Definition Classes
    AnyRef → Any

  3. final def ==(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any

  4. final def asInstanceOf[T0]: T0

    Permalink
    Definition Classes
    Any

  5. def clone(): AnyRef

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  6. final def eq(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef

  7. def equals(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any

  8. def finalize(): Unit

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )

  9. final def getClass(): Class[_]

    Permalink
    Definition Classes
    AnyRef → Any

  10. def hash(plainPassword: String): PasswordInfo

    Permalink

    Hashes a password.

    Hashes a password.

    This implementation does not return the salt separately because it is embedded in the hashed password. Other implementations might need to return it so it gets saved in the backing store.

    plainPassword

    The password to hash.

    returns

    A PasswordInfo containing the hashed password.

    Definition Classes
    BCryptSha256PasswordHasherBCryptPasswordHasher → PasswordHasher

  11. def hashCode(): Int

    Permalink
    Definition Classes
    AnyRef → Any

  12. def id: String

    Permalink

    Gets the ID of the hasher.

    Gets the ID of the hasher.

    returns

    The ID of the hasher.

    Definition Classes
    BCryptSha256PasswordHasherBCryptPasswordHasher → PasswordHasher

  13. def isDeprecated(passwordInfo: PasswordInfo): Option[Boolean]

    Permalink

    Indicates if a password info hashed with this hasher is deprecated.

    Indicates if a password info hashed with this hasher is deprecated.

    In case of the BCrypt password hasher, a password is deprecated if the log rounds have changed.

    passwordInfo

    The password info to check the deprecation status for.

    returns

    True if the given password info is deprecated, false otherwise. If a hasher isn't suitable for the given password, this method should return None.

    Definition Classes
    BCryptPasswordHasher → PasswordHasher

  14. final def isInstanceOf[T0]: Boolean

    Permalink
    Definition Classes
    Any

  15. def isSuitable(passwordInfo: PasswordInfo): Boolean

    Permalink
    Definition Classes
    PasswordHasher

  16. def matches(passwordInfo: PasswordInfo, suppliedPassword: String): Boolean

    Permalink

    Checks if a password matches the hashed version.

    Checks if a password matches the hashed version.

    passwordInfo

    The password retrieved from the backing store.

    suppliedPassword

    The password supplied by the user trying to log in.

    returns

    True if the password matches, false otherwise.

    Definition Classes
    BCryptSha256PasswordHasherBCryptPasswordHasher → PasswordHasher

  17. final def ne(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef

  18. final def notify(): Unit

    Permalink
    Definition Classes
    AnyRef

  19. final def notifyAll(): Unit

    Permalink
    Definition Classes
    AnyRef

  20. final def synchronized[T0](arg0: ⇒ T0): T0

    Permalink
    Definition Classes
    AnyRef

  21. def toString(): String

    Permalink
    Definition Classes
    AnyRef → Any

  22. final def wait(): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  23. final def wait(arg0: Long, arg1: Int): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  24. final def wait(arg0: Long): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

Inherited from BCryptPasswordHasher

Inherited from PasswordHasher

Inherited from AnyRef

Inherited from Any

Ungrouped