
Can you please explain what the SecureRandom random parameter means in the class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder?

Javadoc is here: javadoc

And I ask about this constructor: BCryptPasswordEncoder(int strength, SecureRandom random). I can't understand what the SecureRandom random parameter means.

I've tried to read the Spring documentation and to find something on Google, but I still don't understand its purpose. I know that bCrypt always adds some random salt to the password, but as I see from the sources of the BCrypt class, it is not the same.


2 Answers


Just as it says in the javadoc for SecureRandom, it is an object containing a random number that you can use to randomize the hashes that the BCryptPasswordEncoder generates.

Here is what the javadoc for the class states:

A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

For an example of how to create a SecureRandom here is another quote from the documentation:

Typical callers of SecureRandom invoke the following methods to retrieve random bytes:

  SecureRandom random = new SecureRandom();
  byte bytes[] = new byte[20];
  random.nextBytes(bytes);

Callers may also invoke the generateSeed method to generate a given number of seed bytes (to seed other random number generators, for example):

  byte seed[] = random.generateSeed(20);

Define the bean as follows (strength 11 and SecureRandom as salt):

import java.security.SecureRandom;
import org.springframework.context.annotation.Bean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Bean
public PasswordEncoder encoder() {
    return new BCryptPasswordEncoder(11, new SecureRandom());
}
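The following is an added example, not code from the question or from either answer, and not part of Spring Security itself. It ties the two answers together: the SecureRandom passed to the constructor is the source from which BCryptPasswordEncoder draws the salt for each encode() call, which is why two encodings of the same password differ, and why the salt (stored inside the hash string after the "$2a$11$" prefix) never has to be supplied again at verification time. The password value is a constructed sample; the class name BcryptSaltDemo is the example's own.

```java
import java.security.SecureRandom;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example, not part of the original question or answers.
public class BcryptSaltDemo {

    public static void main(String[] args) {
        // One explicit SecureRandom, as in the second answer. When the
        // single-argument constructor is used instead, Spring Security
        // falls back to a SecureRandom of its own, so the salt is still random.
        SecureRandom random = new SecureRandom();
        BCryptPasswordEncoder withRandom = new BCryptPasswordEncoder(11, random);
        BCryptPasswordEncoder withDefault = new BCryptPasswordEncoder(11);

        String password = "correct horse battery staple"; // constructed sample input

        // Each encode() call asks the SecureRandom for fresh salt bytes, so the
        // same password yields a different hash every time. The salt is the
        // 22-character field right after the "$2a$11$" version/cost prefix.
        String hash1 = withRandom.encode(password);
        String hash2 = withRandom.encode(password);
        System.out.println(hash1);
        System.out.println(hash2);
        System.out.println("hashes differ: " + !hash1.equals(hash2));

        // The salt travels inside the hash string, so matches() reads it from
        // there; the SecureRandom plays no role in verification, and an encoder
        // built with a different random source checks the hash just as well.
        System.out.println("withDefault verifies hash1: " + withDefault.matches(password, hash1));
        System.out.println("withDefault verifies hash2: " + withDefault.matches(password, hash2));
        System.out.println("wrong password rejected:    " + !withDefault.matches("wrong", hash1));
    }
}
```

The practical consequence for the question asked above: the salt you see bcrypt adding and the SecureRandom parameter are not two separate things; the parameter is simply where that salt's randomness comes from. Passing a deliberately predictable or fixed-seed random source would make salts repeat across users, which is exactly the property bcrypt's salt exists to prevent, so the unseeded new SecureRandom() shown in the second answer is the appropriate choice.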
