< Back

Packages

package root

Definition Classes
root
package com

Definition Classes
root
package mohiva

Definition Classes
com
package play

Definition Classes
mohiva
package silhouette

Definition Classes
play
package password

Definition Classes
silhouette
BCryptPasswordHasher
BCryptSha256PasswordHasher

p

com.mohiva.play.silhouette

password

package password

Ordering

Alphabetic

Visibility

Public
All

Type Members

class BCryptPasswordHasher extends PasswordHasher
Implementation of the password hasher based on BCrypt.
Implementation of the password hasher based on BCrypt.

See also
gensalt
class BCryptSha256PasswordHasher extends BCryptPasswordHasher
Implementation of the password hasher based on BCrypt.
Implementation of the password hasher based on BCrypt.
The designers of bcrypt truncate all passwords at 72 characters which means that bcrypt(password_with_100_chars) == bcrypt(password_with_100_chars[:72]). The original BCryptPasswordHasher does not have any special handling and thus is also subject to this hidden password length limit. BCryptSha256PasswordHasher fixes this by first hashing the password using sha256. This prevents the password truncation and so should be preferred over the BCryptPasswordHasher. The practical ramification of this truncation is pretty marginal as the average user does not have a password greater than 72 characters in length and even being truncated at 72 the compute powered required to brute force bcrypt in any useful amount of time is still astronomical. Nonetheless, we recommend you use BCryptSha256PasswordHasher anyway on the principle of "better safe than sorry".

See also
gensalt
https://docs.djangoproject.com/en/1.10/topics/auth/passwords/#using-bcrypt-with-django
https://crypto.stackexchange.com/questions/24993/is-there-a-way-to-use-bcrypt-with-passwords-longer-than-72-bytes-securely

Value Members

object BCryptPasswordHasher
The companion object.
object BCryptSha256PasswordHasher
The companion object.

Ungrouped