private void testShortKeys() { byte[] salt = new byte[16]; // Check BCrypt with empty key pads to zero byte key byte[] hashEmpty = BCrypt.generate(new byte[0], salt, 4); byte[] hashZero1 = BCrypt.generate(new byte[1], salt, 4); if (!Arrays.areEqual(hashEmpty, hashZero1)) { fail("Hash for empty password should equal zeroed key", new String(Hex.encode(hashEmpty)), new String(Hex.encode(hashZero1))); } // Check zeroed byte key of min Blowfish length is equivalent byte[] hashZero4 = BCrypt.generate(new byte[4], salt, 4); if (!Arrays.areEqual(hashEmpty, hashZero4)) { fail("Hash for empty password should equal zeroed key[4]", new String(Hex.encode(hashEmpty)), new String( Hex.encode(hashZero4))); } // Check BCrypt isn't padding too small (32 bit) keys byte[] hashA = BCrypt.generate(new byte[]{(byte)'a'}, salt, 4); byte[] hashA0 = BCrypt.generate(new byte[]{(byte)'a', (byte)0}, salt, 4); if (Arrays.areEqual(hashA, hashA0)) { fail("Small keys should not be 0 padded."); } }
private void checkOK(String msg, byte[] pass, byte[] salt, int cost) { try { BCrypt.generate(pass, salt, cost); } catch (IllegalArgumentException e) { e.printStackTrace(); fail(msg); } }
private void checkIllegal(String msg, byte[] pass, byte[] salt, int cost) { try { BCrypt.generate(pass, salt, cost); fail(msg); } catch (IllegalArgumentException e) { // e.printStackTrace(); } }
private void test(byte[] password, byte[] salt, int cost, byte[] expected) { byte[] hash = BCrypt.generate(password, salt, cost); if (!Arrays.areEqual(hash, expected)) { fail("Hash for " + new String(Hex.encode(password)), new String(Hex.encode(expected)), new String(Hex.encode(hash))); } }
private static byte[] hashPassword(String password, byte[] salt, int cost) { byte[] pwBytes = password.getBytes(StandardCharsets.UTF_8); return BCrypt.generate(pwBytes, salt, cost); }
