Packages

class BCryptSha256PasswordHasher extends BCryptPasswordHasher

Implementation of the password hasher based on BCrypt.

The designers of bcrypt truncate all passwords at 72 characters which means that bcrypt(password_with_100_chars) == bcrypt(password_with_100_chars[:72]). The original BCryptPasswordHasher does not have any special handling and thus is also subject to this hidden password length limit. BCryptSha256PasswordHasher fixes this by first hashing the password using sha256. This prevents the password truncation and so should be preferred over the BCryptPasswordHasher. The practical ramification of this truncation is pretty marginal as the average user does not have a password greater than 72 characters in length and even being truncated at 72 the compute powered required to brute force bcrypt in any useful amount of time is still astronomical. Nonetheless, we recommend you use BCryptSha256PasswordHasher anyway on the principle of "better safe than sorry".

See also

gensalt

https://docs.djangoproject.com/en/1.10/topics/auth/passwords/#using-bcrypt-with-django

https://crypto.stackexchange.com/questions/24993/is-there-a-way-to-use-bcrypt-with-passwords-longer-than-72-bytes-securely

Linear Supertypes
BCryptPasswordHasher, PasswordHasher, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. BCryptSha256PasswordHasher
  2. BCryptPasswordHasher
  3. PasswordHasher
  4. AnyRef
  5. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new BCryptSha256PasswordHasher(logRounds: Int = 10)

    logRounds

    The log2 of the number of rounds of hashing to apply.

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native()
  6. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  7. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  8. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable])
  9. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  10. def hash(plainPassword: String): PasswordInfo

    Hashes a password.

    Hashes a password.

    This implementation does not return the salt separately because it is embedded in the hashed password. Other implementations might need to return it so it gets saved in the backing store.

    plainPassword

    The password to hash.

    returns

    A PasswordInfo containing the hashed password.

    Definition Classes
    BCryptSha256PasswordHasherBCryptPasswordHasher → PasswordHasher
  11. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  12. def id: String

    Gets the ID of the hasher.

    Gets the ID of the hasher.

    returns

    The ID of the hasher.

    Definition Classes
    BCryptSha256PasswordHasherBCryptPasswordHasher → PasswordHasher
  13. def isDeprecated(passwordInfo: PasswordInfo): Option[Boolean]

    Indicates if a password info hashed with this hasher is deprecated.

    Indicates if a password info hashed with this hasher is deprecated.

    In case of the BCrypt password hasher, a password is deprecated if the log rounds have changed.

    passwordInfo

    The password info to check the deprecation status for.

    returns

    True if the given password info is deprecated, false otherwise. If a hasher isn't suitable for the given password, this method should return None.

    Definition Classes
    BCryptPasswordHasher → PasswordHasher
  14. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  15. def isSuitable(passwordInfo: PasswordInfo): Boolean
    Definition Classes
    PasswordHasher
  16. def matches(passwordInfo: PasswordInfo, suppliedPassword: String): Boolean

    Checks if a password matches the hashed version.

    Checks if a password matches the hashed version.

    passwordInfo

    The password retrieved from the backing store.

    suppliedPassword

    The password supplied by the user trying to log in.

    returns

    True if the password matches, false otherwise.

    Definition Classes
    BCryptSha256PasswordHasherBCryptPasswordHasher → PasswordHasher
  17. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  18. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  19. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  20. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  21. def toString(): String
    Definition Classes
    AnyRef → Any
  22. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  23. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  24. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()

Inherited from BCryptPasswordHasher

Inherited from PasswordHasher

Inherited from AnyRef

Inherited from Any

Ungrouped