Do I need to store the salt with bcrypt?
bCrypt’s javadoc has this code for how to encrypt a password: String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt()); To check whether a plaintext password matches one that has been hashed previously, use the checkpw method: if (BCrypt.checkpw(candidate_password, stored_hash)) System.out.println(“It matches”); else System.out.println(“It does not match”); These code snippets imply to me that the randomly generated salt is … Read more