A quick two-step process to generate a BCrypt hash using Spring Security Framework 4.0.2.
This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.
Built and tested with the following:
encode() method to generate the hash. A "strength" parameter, which defaults to 10, can be set when the class is instantiated. Higher values require more work to hash the password, such as
new BCryptPasswordEncoder(15) is higher than new
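import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

String password = "]]W&uX+r";
// Strength (work factor) 12 instead of the default 10
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(12);
// encode() generates a random salt and returns the complete hash string
String bcryptPassword = passwordEncoder.encode(password);
System.out.println(bcryptPassword);
//$2a$12$4JmAjK945YeSOSrIzdEVf.kpcJXoopqtZl1JtwTnf6Okeuaec1DVu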
Note: You should expect different hash results even with the same password input. This is because the salt is generated randomly and included in the output, which produces unique hash values even for the same password input.
Run it several more times and you will get different results, like those below.
//$2a$12$W.pYWYPLl/aqgr/eCLyMsevbXz2mPMrN.Xc34rv8/Cq4vAXkXppfe
//$2a$12$YaUzRLiqbAl83VYWxSKvIuHRFniqOCaGNIShILh.G0cr8SiIIljtq
//$2a$12$TNHHVI.aUOsPdNcxynOJN.Gx1BIzBgZCKIN8YIeXD6UEQe.y2nllK
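Because every call to encode() returns a different string, a stored hash has to be checked with matches(), which reads the salt and work factor back out of the stored value, rather than by hashing again and comparing. The following is an added example, not code from the original post; the class name, TARGET_STRENGTH, costOf and verifyAndUpgrade are assumptions made for illustration, and it goes one step further by re-hashing on login when a stored hash uses a lower work factor than the current one.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BCryptVerifyExample {

    // Work factor the application currently wants (assumption for this example).
    static final int TARGET_STRENGTH = 12;

    // Reads the cost field from a hash shaped like $2a$<cost>$<22-char salt><31-char digest>.
    static int costOf(String hash) {
        String[] parts = hash.split("\\$"); // ["", "2a", "12", "<salt+digest>"]
        if (parts.length != 4 || parts[3].length() != 53) {
            throw new IllegalArgumentException("not a bcrypt hash");
        }
        return Integer.parseInt(parts[2]);
    }

    // Returns null when the password is wrong, the stored hash when its cost is
    // already at the target, or a fresh hash at the target cost when it is weaker.
    static String verifyAndUpgrade(BCryptPasswordEncoder encoder, String raw, String stored) {
        if (!encoder.matches(raw, stored)) {
            return null;
        }
        return costOf(stored) < TARGET_STRENGTH ? encoder.encode(raw) : stored;
    }

    public static void main(String[] args) {
        String password = "]]W&uX+r"; // sample password from the article
        BCryptPasswordEncoder current = new BCryptPasswordEncoder(TARGET_STRENGTH);

        // Two encodings of one password: different salts, so different strings.
        String first = current.encode(password);
        String second = current.encode(password);
        System.out.println("identical strings: " + first.equals(second));
        System.out.println("first verifies:    " + current.matches(password, first));
        System.out.println("second verifies:   " + current.matches(password, second));
        System.out.println("wrong password:    " + current.matches("guess", first));

        // Constructed legacy record hashed at the minimum strength of 4.
        String legacy = new BCryptPasswordEncoder(4).encode(password);
        String upgraded = verifyAndUpgrade(current, password, legacy);
        System.out.println("legacy cost:       " + costOf(legacy));
        System.out.println("cost after login:  " + costOf(upgraded));
        System.out.println("failed login:      " + verifyAndUpgrade(current, "guess", legacy));
    }
}
```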
That's how BCrypt Hashed Passwords can be generated using Spring Security 4.