Passwords and hash values

exercise No. 50



In exercise the section called “A user authentication strategy” we discarded the idea of clear text passwords in favour of password hashes. To resist rainbow table cracking, so-called salted hashes are superior. You should read for overview purposes. The article contains further references at the bottom of the page.

With respect to an implementation provides a simple example for:

  • Creating a salted hash from a given password string.

  • Verifying a hash against a given clear text password.

You may as well use as a starting point. This example works standalone without needing an external library. Note: This example produces different (incompatible) hash values.

Create a simple unit test checking hash creation and checking against a random password value.


The previously mentioned implementation uses encodeBase64String to be imported by:



Starting from Salted Password Hashing - Doing it Right and we create a slightly modified class HashProvider:

This solution contains a unit test class TestDecrypt, which also illustrates the intended use.