This method can be used to generate a string representing an account password
suitable for storing in a database. The result is an OpenBSD-style crypt(3) formatted
hash string of length 60.
The bcrypt workload is specified in the above static variable, a value from 10 to 31.
A workload of 12 is a very reasonable safe default as of 2013.
This automatically handles secure 128-bit salt generation and storage within the hash.
plaintext - The account's plaintext password as provided during account creation,
or when changing an account's password.
String - a string of length 60 that is the bcrypt hashed password in crypt(3) format.
public static boolean checkPassword(String plaintext,
This method can be used to verify a plaintext password (e.g. during a login
request) against a stored hash from a database. The password hash from the database
must be passed as the second argument.
plaintext - The account's plaintext password, as provided during a login request
storedHash - The account's stored password hash, retrieved from the authorization database
boolean - true if the password matches the password of the stored hash, false otherwise
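The two methods described above, shown together with the stored-hash format check they depend on. This is an added example, not the documented class's own code. It assumes the jBCrypt 0.4 library (org.mindrot.jbcrypt.BCrypt) is on the classpath, since the page does not name its bcrypt implementation; PasswordExample, WORKLOAD, workloadOf and needsRehash are hypothetical names.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.mindrot.jbcrypt.BCrypt;

public class PasswordExample {
    // Work factor for new hashes; 12 is the default the text recommends.
    private static final int WORKLOAD = 12;
    // "$2a$" + 2-digit cost + "$" + 22-char salt + 31-char digest = 60 chars.
    // Assumption: jBCrypt 0.4, which emits and accepts the "$2a$" prefix.
    private static final Pattern BCRYPT =
            Pattern.compile("\\$2a\\$(\\d{2})\\$[./A-Za-z0-9]{53}");

    public static String hashPassword(String plaintext) {
        // gensalt() draws a random 128-bit salt and encodes it, with the cost, in the prefix.
        return BCrypt.hashpw(plaintext, BCrypt.gensalt(WORKLOAD));
    }

    /** Cost embedded in a stored hash, or -1 if it is not a well-formed bcrypt string. */
    static int workloadOf(String storedHash) {
        if (storedHash == null) return -1;
        Matcher m = BCRYPT.matcher(storedHash);
        return m.matches() ? Integer.parseInt(m.group(1)) : -1;
    }

    public static boolean checkPassword(String plaintext, String storedHash) {
        // Fail closed on a truncated or corrupted column instead of letting the library throw.
        if (plaintext == null || workloadOf(storedHash) < 0) return false;
        return BCrypt.checkpw(plaintext, storedHash);
    }

    /** True when a valid hash was created under a lower cost than the current WORKLOAD. */
    static boolean needsRehash(String storedHash) {
        int cost = workloadOf(storedHash);
        return cost >= 0 && cost < WORKLOAD;
    }

    public static void main(String[] args) {
        String pw = "correct horse battery staple";        // constructed sample password
        String stored = hashPassword(pw);                   // account creation
        System.out.println("length:    " + stored.length());
        System.out.println("match:     " + checkPassword(pw, stored));
        System.out.println("mismatch:  " + checkPassword("wrong guess", stored));
        System.out.println("truncated: " + checkPassword(pw, stored.substring(0, 40)));
        String older = BCrypt.hashpw(pw, BCrypt.gensalt(10)); // hash made at a lower cost
        System.out.println("rehash:    " + needsRehash(older) + " / " + needsRehash(stored));
    }
}
```

Because the cost and salt travel inside the 60-character string, raising WORKLOAD later does not invalidate existing rows; a hash flagged by needsRehash can be replaced the next time that user logs in successfully.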