Password Store Best practice – Security Hash in Java

In development we often encounter the case where we have to store a user’s password. Obviously, we should never store the real, raw password. Instead we store the hash value of the password.

Secure hashing functions compute a one-way (irreversible) transform of the password. (OWASP)

Today we will introduce two widely used hash methods:

  • PBKDF2WithHmacSHA512:

PBKDF2 (Password-Based Key Derivation Function 2)
SHA (Secure Hash Algorithm)

Java implementation code

  • Bcrypt:

bcrypt is a password hashing function based on the Blowfish cipher.

Java implementation code

Other good articles:

https://howtodoinjava.com/security/how-to-generate-secure-password-hash-md5-sha-pbkdf2-bcrypt-examples/

Author: aerodc

Software Engineer