Interface PasswordHasher

All Known Implementing Classes:
BcryptHasher, Pbkdf2Hasher

public interface PasswordHasher
Interface for password hashing and verification.

Implementations provide secure one-way password hashing with built-in salt generation and constant-time comparison for verification. The framework ships with two implementations:

  • BcryptHasher — bcrypt algorithm (default, recommended)
  • Pbkdf2Hasher — PBKDF2-HMAC-SHA256 (JDK built-in, zero external dependencies)

Usage:


 PasswordHasher hasher = new BcryptHasher();

 // Hash a password (salt is generated automatically)
 String hash = hasher.hash("myPassword123");

 // Verify a password against a stored hash
 boolean valid = hasher.verify("myPassword123", hash);
 
Since:
2.1
Version:
1.0
Author:
Marvin P. Warble Jr.
  • Method Summary

    Modifier and Type   Method                                 Description
    String              hash(String password)                  Hashes a plaintext password.
    boolean             verify(String password, String hash)   Verifies a plaintext password against a previously hashed value.
  • Method Details

    • hash

      String hash(String password)
      Hashes a plaintext password.

      Implementations must generate a cryptographically random salt and include it in the returned hash string so that verify(String, String) can extract it for comparison.

      Parameters:
      password - the plaintext password to hash
      Returns:
      the hashed password string (includes salt and algorithm parameters)
    • verify

      boolean verify(String password, String hash)
      Verifies a plaintext password against a previously hashed value.

      Implementations must use constant-time comparison to prevent timing attacks.

      Parameters:
      password - the plaintext password to verify
      hash - the previously hashed password to compare against
      Returns:
      true if the password matches the hash, false otherwise