
I have a question about the implementation of bcrypt in Spring Security, in the class "org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder". In the first constructor of the class I see "this(-1);". What exactly does this mean? As far as I understand, this should refer to the field "strength", and the default value should be 10, set in org.springframework.security.crypto.bcrypt.BCrypt as "private static final int GENSALT_DEFAULT_LOG2_ROUNDS = 10;", but then what is -1 referring to, to the first constructor?

public class BCryptPasswordEncoder implements PasswordEncoder {
    private Pattern BCRYPT_PATTERN = Pattern.compile("\\A\\$2a?\\$\\d\\d\\$[./0-9A-Za-z]{53}");
    private final Log logger = LogFactory.getLog(getClass());

    private final int strength;

    private final SecureRandom random;

    public BCryptPasswordEncoder() {
        this(-1);
    }

1 Answer

Since you got that far, why not just look at where it's used in the remainder of the file?

Unless the value is greater than zero, it just calls the default JBCrypt genSalt function:

BCrypt.gensalt();

which in turn uses the default strength setting.


1 Comment

Oops, that was a little bit embarrassing. Thank you for the reply; next time I will think twice before asking such questions.
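One way to observe the behaviour the answer describes, as an added example that is not part of the original posts or of Spring Security's own code: it encodes a constructed password with the no-argument encoder and with an explicit strength, then reads the cost field back out of each hash. The class name `BcryptCostCheck`, the helper `costOf`, the strength 12 and the policy floor are assumptions made for illustration, and spring-security-crypto must be on the classpath.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BcryptCostCheck {
    // Same shape as the BCRYPT_PATTERN quoted in the question,
    // with the two-digit cost (log2 rounds) captured as group 1.
    private static final Pattern BCRYPT =
            Pattern.compile("\\A\\$2a?\\$(\\d\\d)\\$[./0-9A-Za-z]{53}");

    /** Returns the log2 round count embedded in a bcrypt hash, or -1 if the string is not one. */
    static int costOf(String hash) {
        Matcher m = BCRYPT.matcher(hash);
        return m.matches() ? Integer.parseInt(m.group(1)) : -1;
    }

    public static void main(String[] args) {
        String password = "constructed-sample-password"; // constructed input

        // No-arg constructor: strength holds the -1 sentinel, so the
        // library's default salt generation (default rounds) is used.
        String byDefault = new BCryptPasswordEncoder().encode(password);

        // Explicit strength: 12 is an arbitrary value chosen for this example.
        String explicit = new BCryptPasswordEncoder(12).encode(password);

        System.out.println("default cost:  " + costOf(byDefault));
        System.out.println("explicit cost: " + costOf(explicit));

        // Hypothetical policy floor for this example: report hashes whose
        // embedded cost is below it, so they can be re-hashed at next login.
        int minCost = 12;
        for (String h : new String[] { byDefault, explicit }) {
            if (costOf(h) < minCost) {
                // Print only the version/cost prefix, not the salt or digest.
                System.out.println("below policy floor: " + h.substring(0, 7) + "...");
            }
        }
    }
}
```

Because the cost is stored in the hash itself, the same `costOf` check can be run over existing password records to find entries created with a lower work factor than current policy requires.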
