Class PasswordUtils

java.lang.Object
google.registry.util.PasswordUtils

public final class PasswordUtils extends Object
Common utility class to handle password hashing and salting.

We use a memory-hard hashing algorithm (Scrypt) to prevent brute-force attacks on passwords.

Note that in tests, we simply concatenate the password and salt, which is much faster and reduces the overall test run time by half. Our tests are not verifying that Scrypt is implemented correctly anyway.

  • Field Details

    • SALT_SUPPLIER

      public static final com.google.common.base.Supplier<byte[]> SALT_SUPPLIER
  • Method Details

    • hashPassword

      public static String hashPassword(String password, byte[] salt)
      Returns the hash of the password using the provided salt.
    • verifyPassword

      public static boolean verifyPassword(String password, String hash, String salt)
      Verifies a password by regenerating the hash with the provided salt and comparing it to the provided hash.
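
The following sketch shows the salt, hash and verify flow described above. It is an added example, not the Nomulus implementation. It assumes Bouncy Castle is on the classpath; the class name, the cost parameters, the salt and hash lengths, and the Base64 encoding of the stored salt and hash are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import org.bouncycastle.crypto.generators.SCrypt;

/** Added illustration; names and parameters are assumptions, not the Nomulus source. */
public final class ScryptPasswordExample {
  // Assumed cost parameters: scrypt needs about 128 * N * r bytes, so 32 MiB per hash here.
  private static final int N = 1 << 15;
  private static final int R = 8;
  private static final int P = 1;
  private static final int SALT_BYTES = 32;
  private static final int HASH_BYTES = 32;
  private static final SecureRandom RANDOM = new SecureRandom();

  /** Returns a fresh random salt; generate one per stored password. */
  static byte[] newSalt() {
    byte[] salt = new byte[SALT_BYTES];
    RANDOM.nextBytes(salt);
    return salt;
  }

  /** Derives the scrypt hash and returns it Base64-encoded for storage. */
  static String hashPassword(String password, byte[] salt) {
    byte[] derived =
        SCrypt.generate(password.getBytes(StandardCharsets.UTF_8), salt, N, R, P, HASH_BYTES);
    return Base64.getEncoder().encodeToString(derived);
  }

  /** Recomputes the hash from the stored Base64 salt and compares in constant time. */
  static boolean verifyPassword(String password, String storedHash, String storedSaltBase64) {
    byte[] salt = Base64.getDecoder().decode(storedSaltBase64);
    byte[] expected = Base64.getDecoder().decode(storedHash);
    byte[] actual = Base64.getDecoder().decode(hashPassword(password, salt));
    return MessageDigest.isEqual(expected, actual);
  }

  public static void main(String[] args) {
    byte[] salt = newSalt();
    String saltBase64 = Base64.getEncoder().encodeToString(salt);
    String hash = hashPassword("constructed-sample-password", salt);
    System.out.println(verifyPassword("constructed-sample-password", hash, saltBase64));
    System.out.println(verifyPassword("wrong-guess", hash, saltBase64));
    // Same password with a new salt: compare the two stored hashes.
    System.out.println(hash.equals(hashPassword("constructed-sample-password", newSalt())));
  }
}
```

The comparison uses `MessageDigest.isEqual` rather than `String.equals` so that verification time does not depend on how many leading bytes of the hash match.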