|
|
@@ -605,7 +605,7 @@ This provides an alternative to Spring Security's built-in `Pbkdf2PasswordEncode
|
|
|
|
|
|
PBKDF2 is a key derivation function designed to be computationally expensive to thwart dictionary and brute force attacks.
|
|
|
This implementation handles salt management explicitly since Password4j's PBKDF2 implementation does not include the salt in the output hash.
|
|
|
-The encoded password format is: `{salt}:{hash}` where both salt and hash are Base64 encoded.
|
|
|
+The encoded password format is: `+{salt}:{hash}+` where both salt and hash are Base64 encoded.
|
|
|
|
|
|
.Pbkdf2Password4jPasswordEncoder
|
|
|
[tabs]
|
|
|
@@ -646,7 +646,7 @@ The `BalloonHashingPassword4jPasswordEncoder` implementation uses the Balloon ha
|
|
|
Balloon hashing is a memory-hard password hashing algorithm designed to be resistant to both time-memory trade-off attacks and side-channel attacks.
|
|
|
|
|
|
This implementation handles salt management explicitly since Password4j's Balloon hashing implementation does not include the salt in the output hash.
|
|
|
-The encoded password format is: `{salt}:{hash}` where both salt and hash are Base64 encoded.
|
|
|
+The encoded password format is: `+{salt}:{hash}+` where both salt and hash are Base64 encoded.
|
|
|
|
|
|
.BalloonHashingPassword4jPasswordEncoder
|
|
|
[tabs]
|
Rob Winch