I used Apache library for hash password for two application in Linux. One of them is Pure-Ftp and another is my Application. I manually save hashed password in Pure-Ftp passwd file, It works fine and user can use Ftp with given user/password.
In my Application I want to authenticat user, But there is not any checkPassword(clearTextPassword, hashedPassword) function.
import org.apache.commons.codec.digest.Crypt;
...
...
...
String hashedValue = Crypt.crypt(clearTextPassword);
..
To verifying password, You can hash given simple password with savedHashedPassword as salt:
private static boolean checkPassword(String password, String hashedPassword) {
String tmpHashedPassword = Crypt.crypt(password, hashedPassword);
return hashedPassword.equalsIgnoreCase(tmpHashedPassword);
}
Crypt.crypt(password) Calculates the digest using the strongest crypt(3) algorithm. A random salt and the default algorithm (currently SHA-512) are used.