Hello Everyone!
I am still fairly new to Java programming, so please forgive me if this question is not thorough enough.
I am trying to find a way to salt and hash my passwords in Java for a web app that requires a password login.
I tried to use the Bouncy Castle bcrypt and scrypt classes in order to get a method of salting, hashing, and password verification only to find out that there is no password verification method in either one of these classes. If I am incorrect in this assessment, please let me know what the method is for password verification or if I am missing something.
As an alternative, I have decided to try out bcrypt instead before I just break down and go to PBKDF2 since there is more documentation out there for that instead of bcrypt or scrypt.
The problem that I am running into is that I found Mindrot's bcrypt at this website: http://www.mindrot.org/projects/jBCrypt/#download, but my concern is that it hasn't been updated in about two years. I had a developer at my work tell me to only use encryption methods that are being constantly updated within the past six months, so it makes me really nervous to even consider it.
Has anyone out there used jBCrypt recently? Is it still something that I can use for my project?
If not, where is somewhere reliable that I can get either bcrypt or scrypt with password verification?
Thanks in advance!
org.bouncycastle.crypto.generators.OpenBSDBCrypt.checkPassword(String, char[])
– Maarten Bodewes
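A hash-and-verify round trip built on the Bouncy Castle method named in the comment above. This is an added example, not code from the thread or from the Bouncy Castle project; the class name, the cost of 12, the `needsRehash` helper and the sample passwords are assumptions.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.generators.OpenBSDBCrypt;

public class BcryptExample {
    // Assumed work factor; raise it until one hash takes as long as your login path can afford.
    private static final int COST = 12;
    private static final SecureRandom RNG = new SecureRandom();

    // Returns the full bcrypt string (version, cost, salt and hash in one value).
    // Store this string as-is; no separate salt column is needed.
    static String hash(char[] password) {
        byte[] salt = new byte[16];          // bcrypt takes exactly 16 bytes of salt
        RNG.nextBytes(salt);                 // fresh random salt for every password
        return OpenBSDBCrypt.generate(password, salt, COST);
    }

    // Re-derives the hash from the salt and cost embedded in 'stored'
    // and compares it with the stored value.
    static boolean verify(String stored, char[] candidate) {
        return OpenBSDBCrypt.checkPassword(stored, candidate);
    }

    // Hypothetical helper: true when 'stored' was created with a lower cost
    // than the current setting, so it can be re-hashed after a successful login.
    static boolean needsRehash(String stored) {
        int storedCost = Integer.parseInt(stored.split("\\$")[2]);
        return storedCost < COST;
    }

    public static void main(String[] args) {
        char[] password = "correct horse battery staple".toCharArray(); // constructed sample
        char[] wrong = "not the password".toCharArray();                // constructed sample

        String stored = hash(password);
        System.out.println("stored value : " + stored);
        System.out.println("right passwd : " + verify(stored, password));
        System.out.println("wrong passwd : " + verify(stored, wrong));
        System.out.println("needs rehash : " + needsRehash(stored));

        // Wipe the plaintext from memory once it is no longer needed.
        Arrays.fill(password, '\0');
        Arrays.fill(wrong, '\0');
    }
}
```

Compile and run it with the Bouncy Castle provider jar on the classpath.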