bCrypt’s javadoc has this code for how to encrypt a password:
String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());
To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:
if (BCrypt.checkpw(candidate_password, stored_hash))
System.out.println("It matches");
else
System.out.println("It does not match");
These code snippets imply to me that the randomly generated salt is thrown away. Is this the case, or is this just a misleading code snippet?
