
java Check if a string has been hashed with BCrypt or not?


Yes, I thought of that but as said by @Hexaholic, this is not 100% sure since a user can have a password that fits exactly these requirements.

You could read the length; all hashes are exactly the same length provided the same algorithm is used. 22 or 32 or 53 depending on your implementation. If in Java, 53 is used. To make this more reliable you could also detect that the first character is $ and the whole string should be 53 characters. Positions 3 and 6 also contain $. There are other factors as well that can be checked, such as the work factor being the same. This is represented by positions 1 and 2. The combination of all this and a verification to make sure that the user doesn't input something like that. If this is not viable, create an instance boolean that is set to true when the password is hashed, but this requires that each password be its own object.
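A sketch of the shape check discussed in this thread, added here as an example and not code from any of the posters. It assumes the modular crypt layout that Java bcrypt libraries emit (60 characters in total: a 7-character `$2a$NN$` style prefix followed by 53 characters of salt and digest); the class, method and record names are hypothetical, and the sample strings are constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BcryptFormatCheck {
    // Layout: $2<a|b|x|y>$<two-digit cost>$<22-char salt><31-char digest>,
    // salt and digest drawn from bcrypt's own base64 alphabet "./A-Za-z0-9".
    private static final Pattern BCRYPT =
        Pattern.compile("\\$2[abxy]?\\$(\\d{2})\\$[./A-Za-z0-9]{53}");

    /** True if s has the shape of a bcrypt hash with a cost in bcrypt's 4..31 range. */
    static boolean looksLikeBcrypt(String s) {
        if (s == null) {
            return false;
        }
        Matcher m = BCRYPT.matcher(s);
        if (!m.matches()) {
            return false;
        }
        int cost = Integer.parseInt(m.group(1));
        return cost >= 4 && cost <= 31;
    }

    /**
     * Hypothetical wrapper (Java 16+ record): the flag is set by the code that
     * performs the hashing, so nothing has to be inferred from the string.
     */
    record StoredPassword(String value, boolean hashed) { }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials or real hashes.
        String salt = "abcdefghijklmnopqrstuv";            // 22 characters
        String digest = "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234";  // 31 characters
        String shaped = "$2a$10$" + salt + digest;

        System.out.println(looksLikeBcrypt("hunter2"));                      // false
        System.out.println(looksLikeBcrypt(shaped));                         // true
        System.out.println(looksLikeBcrypt("$2a$99$" + salt + digest));      // false: cost out of range
        System.out.println(looksLikeBcrypt(shaped.substring(0, 59)));        // false: too short

        // The caveat raised in the comment above: a user who types a
        // hash-shaped string as their plaintext password also passes the check.
        StoredPassword typedByUser = new StoredPassword(shaped, false);
        System.out.println(looksLikeBcrypt(typedByUser.value()));            // true
        System.out.println(typedByUser.hashed());                            // false
    }
}
```

The last two lines show why the shape check alone is only a heuristic: the string matches, while the flag carried with the value records that it was never hashed.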
