Why BCryptPasswordEncoder from Spring generate different outputs for same input?

java spring bcrypt spring-security 
public static void main(String[] args) {
  // spring 4.0.0
  org.springframework.security.crypto.password.PasswordEncoder encoder
   = new org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder();

   // $2a$10$lB6/PKg2/JC4XgdMDXyjs.dLC9jFNAuuNbFkL9udcXe/EBjxSyqxW
   // true
   // $2a$10$KbQiHKTa1WIsQFTQWQKCiujoTJJB7MCMSaSgG/imVkKRicMPwgN5i
   // true
   // $2a$10$5WfW4uxVb4SIdzcTJI9U7eU4ZwaocrvP.2CKkWJkBDKz1dmCh50J2
   // true
   // $2a$10$0wR/6uaPxU7kGyUIsx/JS.krbAA9429fwsuCyTlEFJG54HgdR10nK
   // true
   // $2a$10$gfmnyiTlf8MDmwG7oqKJG.W8rrag8jt6dNW.31ukgr0.quwGujUuO
   // true

    for (int i = 0; i < 5; i++) {
      // "123456" - plain text - user input from user interface
      String passwd = encoder.encode("123456");

      // passwd - password from database
      System.out.println(passwd); // print hash

      // true for all 5 iteration
      System.out.println(encoder.matches("123456", passwd));
    }
}

The generated password are salted and therefore different.

Please read the documentation for the encode() method where it clearly states the the password is salted.


The 22 characters directly after the 3rd $ represent the salt value, see https://en.wikipedia.org/wiki/Bcrypt#Description . "Salt" is some random data added to the password before hashing, so a given hash algorithm with given parameters will in most cases produce different hash values for the same password (protection against so called rainbow attacks).

Let's dissect the first output shown in the original question: $2a$10$cYLM.qoXpeAzcZhJ3oXRLu9Slkb61LHyWW5qJ4QKvHEMhaxZ5qCPi

  • $2a : Identifier for BCrypt algorithm
  • $10 : Parameter for number of rounds, here 2^10 rounds
  • cYLM.qoXpeAzcZhJ3oXRLu : Salt (128 bits)
  • 9Slkb61LHyWW5qJ4QKvHEMhaxZ5qCPi : Actual hash value (184 bits)

The salt and the hash value are both encoded using Radix-64.


That is perfectly normal because BCryptPasswordEncoder uses a salt to generate the password. You can read about the idea behind "salting" a password here and here.

This is what the documentation says for the encode method

Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.


The BCrypt output is: $2a$10$cYLM.qoXpeAzcZhJ3oXRLu9Slkb61LHyWW5qJ4QKvHEMhaxZ5qCPi

$2a$ means the hash algorithm

10$ is the log rounds

following is the salt and hashed password

since the Spring will generate the salt will different on each time, so your output is not same. the BCrypt syntax you can reference https://en.wikipedia.org/wiki/Bcrypt#Description

Related

Referencing a .css file in github repo as stylesheet in a .html file
Is there a way of drawing a caption box in matplotlib
Tomcat Not Starting Through Eclipse (Timeout)
Jenkins website root path
How to make Egit remember password and username?
cross-platform printing of 64-bit integers with printf
Alternative to eval() javascript [duplicate]
Best way to prevent/handle divide by 0 in javascript
What is the best way to preload multiple images in JavaScript?
What is a nested name specifier?
Disable WebView touch events in Android
How to rename root key in JSON serialization with Jackson