How do I encrypt a password, insert it into the DB, and then compare it when the user wants to connect?
I would like to use StandardPasswordEncoder from Spring Security 3.1.4 to encrypt my password and insert it into the DB. But how do I recover the salt generated by the method?
Here is an example from the Spring Security docs:
```java
StandardPasswordEncoder encoder = new StandardPasswordEncoder("secret");
String result = encoder.encode("myPassword");
assertTrue(encoder.matches("myPassword", result));
```
I ask this because I'll need the salt in order to re-encode the password for the comparison, and to validate whether the user has entered the correct password?
Here is the encoded password: 9e7e3a73a40871d4b489adb746c31ace280d28206dded9665bac40eabfe6ffdc32a8c5c416b5878f
and I would like to compare it with the encoding of the new password.
Link to the Spring docs: http://docs.spring.io/spring-security/site/docs/3.1.4.RELEASE/reference/crypto.html
Link to the Spring Security 3.1.4 API: http://docs.spring.io/spring-security/site/docs/3.1.4.RELEASE/apidocs/
A salt is a sequence of randomly generated bytes that is hashed along with the password. The salt is stored in the storage and doesn't need to be protected. Whenever the user tries to authenticate, the user's password is hashed with the saved salt and the result should match the stored password.
```java
@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;

@GetMapping("/test")
public void fillDatabse() {
    // Hash the raw password; the encoded string is what gets persisted
    String encodedPw = bCryptPasswordEncoder.encode("test");
    Password p = new Password(encodedPw);
}
```
Introduction. Spring Security provides a password encoding feature through the PasswordEncoder interface. It's a one-way transformation, meaning you can only encode the password; there is no way to decode the password back to its plaintext form.
I think you are asking how it works? The answer is fairly simple. `StandardPasswordEncoder.matches()` is the method you want to use. Behind the scenes, `StandardPasswordEncoder` will decode the hashed password and extract the salt from the resulting byte array. It will then use that salt to hash the plain-text password you passed in. If the resulting hash matches the original hash, your passwords match! Refer to the source for the details behind `StandardPasswordEncoder.matches()`:
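```java
public boolean matches(CharSequence rawPassword, String encodedPassword) {
    // Decode the stored string back into bytes
    byte[] digested = decode(encodedPassword);
    // The salt is the leading bytes of the stored value
    byte[] salt = subArray(digested, 0, saltGenerator.getKeyLength());
    // Re-hash the candidate with that salt and compare with the stored bytes
    return matches(digested, digest(rawPassword, salt));
}
```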
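The salt handling described above, as an added example that is not part of the original answer and is not Spring's own code: a JDK-only (Java 17+) re-implementation of the salt-prefix scheme. The class name, the 8-byte salt length, the SHA-256 digest and the 1024 iterations are assumptions chosen to mirror `StandardPasswordEncoder`; the output is not claimed to be byte-compatible with it.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HexFormat;

public class SaltedHashDemo {
    static final int SALT_LEN = 8;       // bytes; assumed value of saltGenerator.getKeyLength()
    static final int ITERATIONS = 1024;  // assumed iteration count

    // Hash salt || secret || password, re-hash ITERATIONS times, return salt || hash.
    static byte[] digest(String secret, CharSequence raw, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        md.update(secret.getBytes(StandardCharsets.UTF_8));
        byte[] h = md.digest(raw.toString().getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < ITERATIONS; i++) h = md.digest(h);
        byte[] out = Arrays.copyOf(salt, SALT_LEN + h.length);
        System.arraycopy(h, 0, out, SALT_LEN, h.length);
        return out;
    }

    // A fresh random salt is drawn on every call and stored as the prefix of the result.
    static String encode(String secret, CharSequence raw) throws Exception {
        byte[] salt = new byte[SALT_LEN];
        new SecureRandom().nextBytes(salt);
        return HexFormat.of().formatHex(digest(secret, raw, salt));
    }

    // The salt is read back from the stored value; no separate salt column is needed.
    static boolean matches(String secret, CharSequence raw, String encoded) throws Exception {
        byte[] stored = HexFormat.of().parseHex(encoded);
        byte[] salt = Arrays.copyOfRange(stored, 0, SALT_LEN);
        return MessageDigest.isEqual(stored, digest(secret, raw, salt)); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        String stored = encode("secret", "myPassword");  // value to persist at registration
        String again = encode("secret", "myPassword");   // same password, different salt
        System.out.println("two encodings equal:  " + stored.equals(again));
        System.out.println("correct password:     " + matches("secret", "myPassword", stored));
        System.out.println("wrong password:       " + matches("secret", "wrong", stored));
        System.out.println("re-encoded vs stored: " + matches("secret", "myPassword", again));
        // The value from the question, assuming it came from StandardPasswordEncoder
        String pageValue = "9e7e3a73a40871d4b489adb746c31ace280d28206dded9665bac40eabfe6ffdc32a8c5c416b5878f";
        System.out.println("salt prefix in it:    " + pageValue.substring(0, 2 * SALT_LEN));
    }
}
```

Because each call to `encode` draws a new salt, login must go through `matches` with the raw password and the stored string, not through re-encoding and comparing strings. `BCryptPasswordEncoder` likewise embeds its salt in the encoded value.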
You can't decrypt the saved password into human-readable form.
Assume myPassword = "9e7e3a73a40871d4b489adb746c31ace280d28206dded9665bac40eabfe6ffdc32a8c5c416b5878f" is present in the database.
You can do it like this:
```java
StandardPasswordEncoder encoder = new StandardPasswordEncoder("secret");
String result = encoder.encode("myPassword");
// now your result is equal to 9e7e3a73a40871d4b489adb746c31ace280d28206dded9665bac40eabfe6ffdc32a8c5c416b5878f
String passworddb = getPasswordFromDB();
// passworddb from the database is 9e7e3a73a40871d4b489adb746c31ace280d28206dded9665bac40eabfe6ffdc32a8c5c416b5878f
// matches(rawPassword, encodedPassword): raw password first, stored hash second
assertTrue(encoder.matches("myPassword", passworddb));
// then passworddb and result are equal.
```