jBCrypt remains secure?

1

I would like to know if jBCrypt is out of date because it has not updated for two years

link

If yes, would you have any replacement for hashs and salts for java?

    
asked by anonymous 12.07.2014 / 09:07

1 answer

3

jBCrypt is simply an implementation of the algorithm bcrypt , so that:

  • There is no bug in this implementation ( there is no bug report ); e:
  • No vulnerability has been discovered in this algorithm (it was not).
  • So you can say that it's still safe.

    The fact that it has not been updated for two years means nothing in this case, only that the system has been completed, fulfills its purpose, and there is nothing else to do. It would be interesting that it was peer reviewed by people with experience in cryptographic systems, but in the absence of that, we have only the fact that there was no evidence of any problems ...

    As for alternatives, I do not know any specific implementations, but the bcrypt algorithm is one of the most recommended (the others being PBKDF2 and scrypt ). See this related question for more details on these algorithms (and the hash process in general).

        
    12.07.2014 / 10:23