If you want to hash passwords, you probably want something like https://github.com/wg/scrypt. Note that that implementation creates a new SecureRandom instance for each time you hash something, so be sure your system isn’t going to have entropy issues, or configure the JVM to use your OS’s nonblocking CSPRNG. For jwt, try https://github.com/auth0/java-jwt.