Is BCryptPasswordEncoder's password length limit more than 72 characters?

前端未结

关注

 1  376

I saw a post that bcrypt has 72 characters limit. So I tested Spring security\'s BCryptPasswordEncoder to see what will happen. I tried over 1000 length and it work

相关标签:

1条回答

深忆病人

2021-01-27 13:50

It seems BCryptPasswordEncoder crops password without any warning.

I tried with BCrypt instead of BCryptPasswordEncoder like this.

@Test
public void testBcrypt() throws Exception {
    final String pw1_a71 = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
    final String pw2 = pw1_a71 + "b";
    final String pw3 = pw2 + "b";
    final String pw4 = "b" + pw2;

    final String gensalt = BCrypt.gensalt();
    for (final String pw : Arrays.asList(pw1_a71, pw2, pw3, pw4)) {
        System.out.println(BCrypt.hashpw(pw, gensalt));
    }
}

Output:

$2a$10$9S6TbAreOnBH1ZCdZ.G0WOBxiIEizo92CNeFFBlcg1bxyGa9mMgEu
$2a$10$9S6TbAreOnBH1ZCdZ.G0WO4Pm8wq3zRnVR6szbZynp8DHOq3XCwoW
$2a$10$9S6TbAreOnBH1ZCdZ.G0WO4Pm8wq3zRnVR6szbZynp8DHOq3XCwoW
$2a$10$9S6TbAreOnBH1ZCdZ.G0WOCC3kvOwtnzVpiEmOWvIA6WIKzxi7lhy

0 讨论(0)