[英]Retrieving password salt with BCryptPasswordEncoder in Spring
It appears that org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
doesn't return the generated password salt :似乎org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
没有返回生成的密码 salt :
public String encode(CharSequence rawPassword) {
String salt;
if(this.strength > 0) {
if(this.random != null) {
salt = BCrypt.gensalt(this.strength, this.random);
} else {
salt = BCrypt.gensalt(this.strength);
}
} else {
salt = BCrypt.gensalt();
}
return BCrypt.hashpw(rawPassword.toString(), salt);
}
Question : what purpose is that designed for?问题:这是为什么目的而设计的? How can this be used, since it doesn't return a salt , which should be stored for the password checking?如何使用它,因为它不返回应该存储用于密码检查的salt ?
Apparently, the salt is part of the encrypted String, which is separated by $.显然,盐是加密字符串的一部分,用 $ 分隔。
More information can be found here: How can bcrypt have built-in salts?可以在此处找到更多信息: bcrypt 如何具有内置盐?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.