Reputation: 71
Years ago I used a Java (Spring) framework for hashing passwords and storing them in a database, but I can't remember the name.
The advantage was that it didn't only store the hashed value with salt etc., but also the information about the algorithm used and the configuration, like {'alg':'bcrypt', { 'salt':'dsjhjdsfh', 'iter':'356178372', ..}, 'hash':'ju3j7HJghkdfk'}
So it was possible to change the algorithm, so that new passwords used it automatically, while old passwords could still be verified automatically with the old algorithm; after successful validation they were updated with the new algorithm.
Does this framework still exist? I was searching really hard, but had no luck.
Upvotes: 0
Views: 143
Reputation: 568
Current implementations of BCrypt exist this way. Although they are not stored in a plaintext-JSON-like structure, you will still be able to change the algorithm or the number of rounds and the old hashes will still be able to verify correctly.
Refer to this particular answer to see how a BCrypt hash is generated and the metadata associated with it is stored as a single string.
It is already present in the Spring framework, or you can also get it as a separate library. Usage is also very simple.
Upvotes: 1
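The verify-then-upgrade flow described in the question, as an added example that is not part of the posts above and not code from the Spring project. It assumes `spring-security-crypto` 5.1 or later on the classpath (for `PasswordEncoder.upgradeEncoding`); the class `RehashOnLogin`, the in-memory map standing in for the database, and the sample password are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class RehashOnLogin {
    // Hypothetical stand-in for the user table: username -> stored hash string.
    private final Map<String, String> store = new HashMap<>();
    // Encoder configured with the cost factor the site wants today.
    private final PasswordEncoder current;

    RehashOnLogin(PasswordEncoder current) { this.current = current; }

    void put(String user, String hash) { store.put(user, hash); }
    String storedHash(String user) { return store.get(user); }

    boolean login(String user, String password) {
        String stored = store.get(user);
        // matches() reads the version, cost and salt out of the stored string,
        // so a hash created with an older cost factor still verifies.
        if (stored == null || !current.matches(password, stored)) {
            return false;
        }
        // upgradeEncoding() is true when the stored cost is lower than the
        // current encoder's. The plaintext is only available at this point,
        // so this is the one place the record can be re-hashed.
        if (current.upgradeEncoding(stored)) {
            store.put(user, current.encode(password));
        }
        return true;
    }

    public static void main(String[] args) {
        PasswordEncoder legacy = new BCryptPasswordEncoder(10); // old setting
        PasswordEncoder today = new BCryptPasswordEncoder(12);  // new setting
        RehashOnLogin service = new RehashOnLogin(today);

        // Constructed sample account whose hash predates the cost increase.
        service.put("alice", legacy.encode("constructed-sample-password"));
        System.out.println("before: " + service.storedHash("alice"));

        System.out.println("wrong password accepted: " + service.login("alice", "nope"));
        System.out.println("login ok: " + service.login("alice", "constructed-sample-password"));

        // The stored string now carries the new cost in its prefix.
        System.out.println("after:  " + service.storedHash("alice"));
    }
}
```

Accounts that never log in again keep their old-cost hash, so a count of stored hashes per cost prefix shows how far a migration has progressed.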