1 package org.cacert.gigi.util;
3 import java.security.MessageDigest;
4 import java.security.NoSuchAlgorithmException;
6 import com.lambdaworks.crypto.SCryptUtil;
8 public class PasswordHash {
10 public static boolean verifyHash(String password, String hash) {
11 if (hash.contains("$")) {
12 return SCryptUtil.check(password, hash);
14 String newhash = sha1(password);
16 if (newhash.length() != hash.length()) {
19 for (int i = 0; i < newhash.length(); i++) {
20 match &= newhash.charAt(i) == hash.charAt(i);
25 private static String sha1(String password) {
27 MessageDigest md = MessageDigest.getInstance("SHA1");
28 byte[] digest = md.digest(password.getBytes());
29 StringBuffer res = new StringBuffer(digest.length * 2);
30 for (int i = 0; i < digest.length; i++) {
31 res.append(Integer.toHexString((digest[i] & 0xF0) >> 4));
32 res.append(Integer.toHexString(digest[i] & 0xF));
34 return res.toString();
35 } catch (NoSuchAlgorithmException e) {
40 public static String hash(String password) {
41 return SCryptUtil.scrypt(password, 1 << 14, 8, 1);