Skip to content

Usage of Password4j

Jump to bottom
David Bertoldi edited this page Feb 18, 2021 · 6 revisions

Password4j uses 3 verbs:

  • hash in order to hash a plain text password
  • check in order to check and hash against a plain text password
  • update in order to update an hash after it is checked.

A possible statement is

Hash hash = Password.hash(plaintTextPassword)
                    .addNewRandomSalt()
                    .addPepper(somePepper)
                    .withSCrypt();

which hashes a plainTextPassword with scrypt prepending somePepper and adding a randomly generated salt.

Aside from indentation, this is just a one line of Java code!

For more information about Password4j statements, see here.

The Hash object

An object of type Hash is always returned when you use the hash verb. For example:

Hash hash = Password.hash(plainTextPassword)...

It always contains:

Attribute Example
The computed hash as String hash.getResult()
The computed hash as byte[] hash.getBytes()
The salt used during the computation as String hash.getSalt()
The pepper used for the computation as CharSequence hash.getPepper()
A singleton instance of the HashingFunction used for the computation hash.getHashingFunction()

The HashUpdate object

An object of type HashUpdate is always returned when you use the update verb. For example:

HashUpdate update = Password.check(hash, plainTextPassword)...andUpdate()...

It always contains:

Attribute Example
A boolean which tells if the check is passed. update.isVerified()
An Hash object containing the information of the refreshed hash. If the check has not passed, this is null. update.getHash()

Supports Java 8+ Maven Central License

Password4j © 2024

Created by David Bertoldi with 🗿

Password4j documentation

Clone this wiki locally