BCryptPasswordEncoder的密码长度限制是否超过72个字符?

本文介绍了BCryptPasswordEncoder的密码长度限制是否超过72个字符?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我看到了一个帖子，其中bcrypt的字符数限制为72个.所以我测试了Spring security的BCryptPasswordEncoder以查看会发生什么.我尝试了1000多个长度，并且工作正常.甚至没有警告日志.

I saw a post that bcrypt has 72 characters limit. So I tested Spring security's BCryptPasswordEncoder to see what will happen. I tried over 1000 length and it worked normally. Not even a warning log was out.

我尝试了JavaDoc和在线文档，但是找不到输入长度限制.

I tried JavaDoc and online docs but couldn't find about input length limitation.

BCryptPasswordEncoder的密码长度限制是否超过72个字符?如果是这样，我可以在我的Web应用程序中使用它吗?

Is BCryptPasswordEncoder's password length limit more than 72 characters? If so, can I use this to my web applications?

推荐答案

BCryptPasswordEncoder似乎在没有任何警告的情况下裁剪了密码.

It seems BCryptPasswordEncoder crops password without any warning.

我尝试使用BCrypt而不是BCryptPasswordEncoder这样.

I tried with BCrypt instead of BCryptPasswordEncoder like this.

@Test
public void testBcrypt() throws Exception {
    final String pw1_a71 = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
    final String pw2 = pw1_a71 + "b";
    final String pw3 = pw2 + "b";
    final String pw4 = "b" + pw2;

    final String gensalt = BCrypt.gensalt();
    for (final String pw : Arrays.asList(pw1_a71, pw2, pw3, pw4)) {
        System.out.println(BCrypt.hashpw(pw, gensalt));
    }
}

输出:

$2a$10$9S6TbAreOnBH1ZCdZ.G0WOBxiIEizo92CNeFFBlcg1bxyGa9mMgEu
$2a$10$9S6TbAreOnBH1ZCdZ.G0WO4Pm8wq3zRnVR6szbZynp8DHOq3XCwoW
$2a$10$9S6TbAreOnBH1ZCdZ.G0WO4Pm8wq3zRnVR6szbZynp8DHOq3XCwoW
$2a$10$9S6TbAreOnBH1ZCdZ.G0WOCC3kvOwtnzVpiEmOWvIA6WIKzxi7lhy

这篇关于BCryptPasswordEncoder的密码长度限制是否超过72个字符?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！