
[Spring] How to use bcrypt


1. The code first

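import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
// 9 is the strength; pwd is the raw password to be hashed
BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder(9);
String pwdCry = bcrypt.encode(pwd);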

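2. Analysis:

The hashed password is always 60 characters long.

The format generally starts with $2a$X, where X is the strength. The strength is set when the class is constructed; the default is 10.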

 

3. bcrypt:

bcrypt is not an encryption function, it's a password hashing function, relying on Blowfish's key scheduling, not its encryption. Hashes are mathematical one-way functions, meaning there is no* way to reverse the output string to get the input string.

In other words, bcrypt is one-way and its output cannot be decrypted.

 

4. Matching:

Call bcrypt.matches(rawPassword, hashedPassword)

 

5. Combining with Spring and the database

<!-- the bean id must match the @Qualifier name used at the injection point -->
<bean id="passwordEncoder"
      class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <constructor-arg name="strength" value="9" />
</bean>

Injection:

@Autowired
@Qualifier("passwordEncoder")
BCryptPasswordEncoder bcrypt;

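Verification logic: stop passing both username and password to the query, because hashing the same password produces a different value every time (bcrypt uses a fresh random salt for each hash). Pass in only the username, read the hashed password stored in the DB, and then use matches() to decide.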
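The lookup-then-matches() flow described above, as an added example that is not code from the original post. It assumes spring-security-crypto is on the classpath; LoginCheck, USERS, DUMMY_HASH, register and login are hypothetical names, and the in-memory map is a constructed stand-in for the user table.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example: all names below are hypothetical, sample values are constructed.
public class LoginCheck {
    private static final BCryptPasswordEncoder BCRYPT = new BCryptPasswordEncoder(9);

    // Constructed stand-in for the user table: username -> stored bcrypt hash.
    private static final Map<String, String> USERS = new HashMap<>();

    // Hash of a throwaway value, compared against when the user is unknown so
    // that a missing account costs the same bcrypt work as a wrong password.
    private static final String DUMMY_HASH = BCRYPT.encode("not-a-real-password");

    static void register(String username, String rawPassword) {
        USERS.put(username, BCRYPT.encode(rawPassword)); // store only the hash
    }

    static boolean login(String username, String rawPassword) {
        // Look up by username only: a freshly computed hash would never equal
        // the stored one, so the password cannot be part of the query.
        String stored = USERS.get(username);
        boolean ok = BCRYPT.matches(rawPassword, stored != null ? stored : DUMMY_HASH);
        return stored != null && ok;
    }

    public static void main(String[] args) {
        String h1 = BCRYPT.encode("s3cret-constructed");
        String h2 = BCRYPT.encode("s3cret-constructed");
        // Same input, different random salts: the strings differ, both verify.
        System.out.println("equal hashes: " + h1.equals(h2));
        System.out.println("both match:   " + (BCRYPT.matches("s3cret-constructed", h1)
                && BCRYPT.matches("s3cret-constructed", h2)));
        // Layout: "$2a$" + 2-digit strength + "$" + 22-char salt + 31-char digest.
        System.out.println("length/prefix: " + h1.length() + " " + h1.substring(0, 7));

        register("alice", "s3cret-constructed");
        System.out.println("correct pw:   " + login("alice", "s3cret-constructed"));
        System.out.println("wrong pw:     " + login("alice", "wrong"));
        System.out.println("unknown user: " + login("mallory", "s3cret-constructed"));
    }
}
```

matches() reads the strength and salt back out of the stored hash, which is why only the hash string has to be kept in the database.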

 

