|
@@ -336,7 +336,7 @@ https://docs.spring.io/spring-security/site/docs/5.0.x/api/org/springframework/s
|
|
|
The `BCryptPasswordEncoder` implementation uses the widely supported https://en.wikipedia.org/wiki/Bcrypt[bcrypt] algorithm to hash the passwords.
|
|
The `BCryptPasswordEncoder` implementation uses the widely supported https://en.wikipedia.org/wiki/Bcrypt[bcrypt] algorithm to hash the passwords.
|
|
|
To make it more resistant to password cracking, bcrypt is deliberately slow.
|
|
To make it more resistant to password cracking, bcrypt is deliberately slow.
|
|
|
Like other adaptive one-way functions, it should be tuned to take about 1 second to verify a password on your system.
|
|
Like other adaptive one-way functions, it should be tuned to take about 1 second to verify a password on your system.
|
|
|
-The default implementationThe default implementation of `BCryptPasswordEncoder` uses strength 10 as mentioned in the Javadoc of https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html[`BCryptPasswordEncoder`]. You are encouraged to
|
|
|
|
|
|
|
+The default implementation of `BCryptPasswordEncoder` uses strength 10 as mentioned in the Javadoc of https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html[`BCryptPasswordEncoder`]. You are encouraged to
|
|
|
tune and test the strength parameter on your own system so that it takes roughly 1 second to verify a password.
|
|
tune and test the strength parameter on your own system so that it takes roughly 1 second to verify a password.
|
|
|
|
|
|
|
|
.BCryptPasswordEncoder
|
|
.BCryptPasswordEncoder
|
Junichi Sakaeda