A Java standalone implementation of the bcrypt password hash function. Based on the Blowfish cipher it is the default password hash algorithm for OpenBSD and other systems including some Linux distributions. Includes a CLI Tool.
start
end
Took 375ms
start
Result{details=HashData{cost=12, version=$2a$, rawSalt=63307d3ec2480e8b1840095fc8ce0d06, rawHash=77ce9567471ac1e2d1600a1219d26c9b5f67915df519c1}, validFormat=true, verified=true, formatErrorMessage='null'}
end
Took 305ms
This happens with both verify and verifyStrict.
As far as i could pinpoint, both functions end up calling this method which completely ignores the requested hash version and ends up using BCrypt.withDefaults().
Even though this seems to have no effect in the verification result it is an issue that can be fixed quickly.
Whenever you verify a hash the returned in the result is always
$2a$
:Sample case:
Output:
This happens with both
verify
andverifyStrict
.As far as i could pinpoint, both functions end up calling this method which completely ignores the requested hash version and ends up using
BCrypt.withDefaults()
.Even though this seems to have no effect in the verification result it is an issue that can be fixed quickly.