patrickfav / bcrypt

A Java standalone implementation of the bcrypt password hash function. Based on the Blowfish cipher, it is the default password hash algorithm for OpenBSD and other systems including some Linux distributions. Includes a CLI Tool.
https://favr.dev/opensource/bcrypt
Apache License 2.0

Unify API Bcrypt.with() to be able to hash and verify from the same entrypoint #26

Open patrickfav opened 4 years ago

patrickfav commented 4 years ago

See discussion in #23

Talking about it, I think the interface of the lib is a bit surprising. Why is BCrypt.with()... for hashing, and BCrypt.verifyer()... for verifying? It would really make more sense, from an external point of view, if we could simply do: BCrypt.with(LongPasswordStrategies.truncate()).verify(pw, hash);

Indigo744 commented 4 years ago

I like consistent API 😄

Note that you can keep retro-compatibility by keeping the BCrypt.verifyer() as only a wrapper around BCrypt.with() (and marking it as obsolete, if possible in Java?).

patrickfav commented 4 years ago

You are right, we can make it backward compatible. And of course I agree with you, an API should be consistent :)