Password encode #11

Closed
JingwenJessica opened this issue Apr 22, 2017 · 1 comment

@JingwenJessica

Hello Valdimir,

Thanks for your blog and example on Spring Boot / JWT.

I notice that you use "$2a$10$bnC26zz//2cavYoSCrlHdecWF8tkGfPodlHcYwlACBBwJvcEf0p2G" as the password instead of "test1234". Is this the encoded code for "test1234"? Could you explain why we need encoded code here? How could we get it?

Thanks,
Jessica

@BgRva

BgRva commented May 26, 2017

A little late, but I hope this can help someone else.

Typically the back end of an authentication mechanism stores hashed passwords; in this case "$2a$10$bnC26zz//2cavYoSCrlHdecWF8tkGfPodlHcYwlACBBwJvcEf0p2G" is the hash of the password "test1243". It uses the BCrypt hashing function, and if you look at the PasswordEncoderConfig class, it uses an instance of BCryptPasswordEncoder, for which the default strength = 10.

You can verify this by going to an online BCrypt encoder such as this one and using 10 for the number of rounds. Note that for BCrypt, a different hash value of length 60 is generated each time.
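The layout of the stored string explains both points in the answer above (the strength of 10 and the 60-character length). The following is an added example, not part of the thread or of the project's code: it parses a bcrypt hash string offline and reports its cost and salt. The names `parse_bcrypt`, `needs_rehash` and `PAGE_HASH` are illustrative assumptions.

```python
import base64
import re
from dataclasses import dataclass

# bcrypt uses its own base64 alphabet (same bit packing as RFC 4648, no padding).
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest> = 60 characters.
_HASH_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


@dataclass
class BcryptHash:
    version: str   # e.g. "2a"
    cost: int      # log2 of the key-expansion iterations ("strength" in Spring)
    salt: bytes    # 16 random bytes, generated fresh for every encode call
    digest: bytes  # 23 bytes of bcrypt output


def _b64decode(text: str) -> bytes:
    """Decode bcrypt's unpadded base64 by mapping it onto the standard alphabet."""
    padded = text.translate(_TO_STD) + "=" * (-len(text) % 4)
    return base64.b64decode(padded)


def parse_bcrypt(encoded: str) -> BcryptHash:
    """Split a bcrypt hash string into its fields; raise ValueError if malformed."""
    m = _HASH_RE.fullmatch(encoded)
    if m is None:
        raise ValueError("not a bcrypt hash string (plaintext or another scheme?)")
    version, cost_text, salt, digest = m.groups()
    cost = int(cost_text)
    if not 4 <= cost <= 31:
        raise ValueError(f"bcrypt cost out of range: {cost}")
    return BcryptHash(version, cost, _b64decode(salt), _b64decode(digest))


def needs_rehash(encoded: str, minimum_cost: int) -> bool:
    """True when a stored hash was created with a lower cost than current policy."""
    return parse_bcrypt(encoded).cost < minimum_cost


# Hash string copied from the issue above.
PAGE_HASH = "$2a$10$bnC26zz//2cavYoSCrlHdecWF8tkGfPodlHcYwlACBBwJvcEf0p2G"

if __name__ == "__main__":
    h = parse_bcrypt(PAGE_HASH)
    print(h.version, h.cost, 1 << h.cost, h.salt.hex())
```

Because the random salt is stored inside the string, two encodings of the same password differ, and a verifier re-hashes the candidate password with the stored salt and cost instead of comparing two fresh encodings.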

@svlada svlada closed this as completed Jan 8, 2018