我正在数据库中使用SHA512哈希来哈希我的密码。在我的春季启动安全中,我使用以下代码
@Bean
public PasswordEncoder customPasswordEncoder()
{
return new PasswordEncoder() {
@Override
public String encode(CharSequence rawPassword) {
return BCrypt.hashpw(rawPassword.toString(), BCrypt.gensalt(80));
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
}
};
}
但它给出了无效的日志轮次错误。请告诉我目前的日志轮次数量。
您给它的日志轮次为80,这将花费大量时间来散列传递。例如
A cost factor of 30 could take 44370461014.7 milliseconds to calculate. That is, 739507.68 minutes or 513.55 days!
尝试使用较小的对数舍入值。有关详细信息,请查看此链接。关于bcrypt花费的时间https://auth0.com/blog/hashing-in-action-understanding-bcrypt/
如果你阅读了spring文档,那么它就在那里被提到了。
The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 31.
阅读此了解更多详细信息https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/crypto/bcrypt/BCrypt.html