Password4j is a Java fluent cryptographic library for hashing and checking passwords with different Key derivation functions (KDFs) and Cryptographic hash functions (CHFs).

You can hash passwords with

Use Password4j when you need to


Wait...what is hashing?

Hashing is the process of generating a string, or hash or digest, from a given message using a function known as a Cryptographic hash function. Cryptographic hash functions have many properties:

Also, though, password hashing functions must be slow. A fast algorithm would aid brute force attacks in which a hacker will attempt to guess a password by hashing and comparing billions (or trillions) of potential passwords per second.

What algorithm should I use?

This is not a security advice, but here some hints:

Upgrade now your project!

Is it JCA compliant?

Yes! The side project Password4j-JCA extends the Java Cryptography Architecture so that you can use all the algorithms provided by Password4j. Because of the nature of the Security Providers, this library is compatible with Java 9 and up.

Give it a try!