Patrickfav Bcrypt Versions Save

A Java standalone implementation of the bcrypt password hash function. Based on the Blowfish cipher it is the default password hash algorithm for OpenBSD and other systems including some Linux distributions. Includes a CLI Tool.

v0.10.2

1 year ago
  • Fix deployment setup

v0.10.1

1 year ago
  • Re-Introduce DEFAULT_MAX_PW_LENGTH_BYTE to be code compatible with 0.9.0- (thx for the hint @Andrew-Cottrell)

v0.10.0

1 year ago
  • [BREAKING CHANGE] the null terminator will not be counted to the 72 byte max length anymore. This changes the behaviour IF you used passwords with EXACTLY 72 bytes. #43, #44 (thx @quinot, @mathieutu)
  • migrate to Maven Central, Github Actions and Codecov #46
  • update many dependencies and remove warnings for CVE-2020-15522 (bc) CVE-2020-15250 (junit) -> were never part of production code #41

v0.10.0-rc

1 year ago

This release has unsigend jar

v0.9.0

4 years ago

Changes

  • fix license headers and correct credits to jBcrypt
  • add long-password strategy to verifier #21
  • fix not returning correct hash version when verifying #24
  • allow for custom max password length in Version #22

Breaking

  • verify(byte[] password, int cost, byte[] salt, byte[] rawBcryptHash23Bytes) signature changed, added version property (see #24)
  • LongPasswordStrategies factory methods now require the version for the max password length (see #22)
  • Verifier now accepts Version as a constructor parameter and verifyStrict therefore does not need one (see #22)

v0.8.0

5 years ago

Changes

  • add new verify API signature accepting char array password and byte array hash #16
  • add OSGi support #15

v0.7.0

5 years ago

Minor Changes

  • add OSWAP dependency check plugin to Maven POM #14
  • minor refactorings

v0.6.0

5 years ago

Changes

  • change verifier that accepts String type to accept more flexible CharSequence

Known Issues

  • cli tool seems to complains about illegal access of some classes with JDK10

v0.5.0

5 years ago

Changes

  • allow actual 2^31 rounds (fix integer overflow issue with 1<<31) #7
  • use Apache v2 compatible Radix 64 impl and skip OpenJDK one #8
  • add JMH benchmark module #11

Known Issues

  • cli tool seems to complains about illegal access of some classes with JDK10

Note

Skip the previous versions (0.3+) because they contain GPL-2 code. Now everything is under Apache 2 again.

v0.4.1

5 years ago

Changes

  • Fixes maven dependency build setup (Gradle & Maven should now be able to resolve the dependency)