问题描述
我正在使用 BCryptPasswordEncoder .我的期望是,对于相同的输入,我将始终获得相同的输出.但是对于相同的输入,我得到不同的输出.您可以使用下面的代码段对其进行测试:
I am using BCryptPasswordEncoder with Spring security. My expectation was that for the same input I will always get the same output. But for the same input I get different output. You could test it with the code snippet below:
String password = "123456";
PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String encodedPassword = passwordEncoder.encode(password);
System.out.print(encodedPassword);
输出2:$ 2a $ 10 $ KEvYX9yjj0f1X3Wl8S.KPuWzSWGyGM9ubI71NOm3ZNbJcwWN6agvW
output2: $2a$10$KEvYX9yjj0f1X3Wl8S.KPuWzSWGyGM9ubI71NOm3ZNbJcwWN6agvW
输出3:$ 2a $ 10 $ nCmrPtUaOLn5EI73VZ4Ouu1TmkSWDUxxD4N6A.8hPBWg43Vl.RLDC
output3: $2a$10$nCmrPtUaOLn5EI73VZ4Ouu1TmkSWDUxxD4N6A.8hPBWg43Vl.RLDC
有人可以解释一下,为什么BCryptPasswordEncoder表现得如此吗?
Could someone explain, why BCryptPasswordEncoder behave like this?
推荐答案
public static void main(String[] args) {
// spring 4.0.0
org.springframework.security.crypto.password.PasswordEncoder encoder
= new org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder();
// $2a$10$lB6/PKg2/JC4XgdMDXyjs.dLC9jFNAuuNbFkL9udcXe/EBjxSyqxW
// true
// $2a$10$KbQiHKTa1WIsQFTQWQKCiujoTJJB7MCMSaSgG/imVkKRicMPwgN5i
// true
// $2a$10$5WfW4uxVb4SIdzcTJI9U7eU4ZwaocrvP.2CKkWJkBDKz1dmCh50J2
// true
// $2a$10$0wR/6uaPxU7kGyUIsx/JS.krbAA9429fwsuCyTlEFJG54HgdR10nK
// true
// $2a$10$gfmnyiTlf8MDmwG7oqKJG.W8rrag8jt6dNW.31ukgr0.quwGujUuO
// true
for (int i = 0; i < 5; i++) {
// "123456" - plain text - user input from user interface
String passwd = encoder.encode("123456");
// passwd - password from database
System.out.println(passwd); // print hash
// true for all 5 iteration
System.out.println(encoder.matches("123456", passwd));
}
}
这篇关于为什么Spring的BCryptPasswordEncoder为相同的输入生成不同的输出?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!