maven central

Password4j is a Java fluent cryptographic library specialised on password encryption with different Key derivation functions (KDFs) and Cryptographic hash functions (CHFs).

Protect passwords with methodologies recommended by OWASP with few and portable configurations, free of dependencies, running on a battle-tested implementation in pure Java. Free of charge.

Use Password4j when you need to

Encrypt passwords easily

Made easy for developers

Protect thousands of accounts with Argon2, scrypt, bcrypt or PBKDF2.

Add randomly generated salt and pepper with a cryptographically strong random number generator.

With just a few lines of code.

What is hashing

Hashing is the process of generating a string, or hash or digest, from a given message using a function known as a Cryptographic hash function. Cryptographic hash functions have many properties:

Also, password hashing functions must be slow. A fast algorithm would aid brute force attacks in which a hacker will attempt to guess a password by hashing and comparing billions (or trillions) of potential passwords per second.

Upgrade old algorithm

Upgrade your project

Don't worry about password security anymore. Even if in the past you made the wrong choices.

Get rid of old implementations and get back on track now!

What algorithm to choose

This is not a security advice, but here some hints:

Upgrade now your project!

Encrypt passwords easily

Find your desired level of security

Password4j finds for you the best security parameters for your application according to your business requirements.

A tool to be run on your production environment automatically produces the perfect trade-off between security and user experience.

JCA compliancy

The side project Password4j-JCA extends the Java Cryptography Architecture so that you can use all the algorithms provided by Password4j. Because of the nature of the Security Providers, this library is compatible with Java 9 and up.

Give it a try!