Is the password length limit of BCryptPasswordEncoder more than 72 characters?

Time: 2018-04-20 04:49:42

Tags: security spring-security bcrypt

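I saw a post saying that bcrypt has a 72-character limit. So I tested the Spring Security BCryptPasswordEncoder to see what would happen. I tried a length of more than 1000, and it worked fine. There was not even a warning log.

I looked through the JavaDoc and the online documentation, but could not find an input length limit.

Is the password length limit of BCryptPasswordEncoder more than 72 characters? If so, can I use it for my web application?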

1 answer:

Answer 0: (score: 0)

It seems that BCryptPasswordEncoder truncates the password without any warning.

I tried using BCrypt instead of this BCryptPasswordEncoder:

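import java.util.Arrays;

import org.junit.Test;
import org.springframework.security.crypto.bcrypt.BCrypt;

@Test
public void testBcrypt() throws Exception {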
    final String pw1_a71 = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
    final String pw2 = pw1_a71 + "b";
    final String pw3 = pw2 + "b";
    final String pw4 = "b" + pw2;

    // Reuse one salt for every password so the resulting hashes are directly comparable.
    final String gensalt = BCrypt.gensalt();
    for (final String pw : Arrays.asList(pw1_a71, pw2, pw3, pw4)) {
        System.out.println(BCrypt.hashpw(pw, gensalt));
    }
}

Output:

$2a$10$9S6TbAreOnBH1ZCdZ.G0WOBxiIEizo92CNeFFBlcg1bxyGa9mMgEu
$2a$10$9S6TbAreOnBH1ZCdZ.G0WO4Pm8wq3zRnVR6szbZynp8DHOq3XCwoW
$2a$10$9S6TbAreOnBH1ZCdZ.G0WO4Pm8wq3zRnVR6szbZynp8DHOq3XCwoW
$2a$10$9S6TbAreOnBH1ZCdZ.G0WOCC3kvOwtnzVpiEmOWvIA6WIKzxi7lhy