Tag Archives: salt

Hashing and Salting passwords with Spring Security PasswordEncoder

January 11, 2016 – 11:07 pm

Getting the details right when implementing password storage is critical. Some hash algorithms are vulnerable or just not suited to password hashing. If the salt is too short or predictable, it may be possible to retrieve the password from the hash. Any number of subtle bugs in coding could result in a password database that is vulnerable in one way or another. Fortunately, Spring Security includes password hashing out of the box. What’s more, since version 3.1, Spring Security automatically takes care of salting too.

Tags BCrypt, hash, password, PasswordEncoder, PBKDF2, salt, scrypt, SHA-256, spring, spring mvc, spring security | Comment (0)

Don’t Panic!

Stuart 'Stevie' Leitch's blog on Software Development, Java Technologies, Security and Testing
- My projects on GitHub
Archives
Archives
Tags

apm appdynamics archetype BCrypt blame BotFramework bug ci container DBUnit deploy docker Dockerfile Docker Hub eclipse github hash hibernate image integration test jetty jsp junit maven microservice mistake MockMVC MySQL netbeans node.js Rule Security SOAP spanners spring Spring-WS spring boot spring mvc spring security tapestry test testing tomcat unit test windows
Legal

Don't Panic! blog and example code by Stuart 'Stevie' Leitch is licensed under a Creative Commons Attribution 3.0 Unported License.

The views expressed on this blog are my own and do not necessarily reflect the views of my employers, past or present.

Don't Panic!

Tag Archives: salt

Hashing and Salting passwords with Spring Security PasswordEncoder

Don’t Panic!

Archives

Tags

Legal