I’m using Spring Security 3.1.1.RELEASE. I’m using the StandardPasswordEncoder.encode(password) function to encrypt my user passwords, which relies on a random salt being generated. From the Spring Security source, ultimately this method gets called from “org.springframework.security.crypto.keygen.SecureRandomBytesKeyGenerator” for the salt generation …
// Fields of SecureRandomBytesKeyGenerator that generateKey() relies on (shown for context):
private final SecureRandom random;   // a java.security.SecureRandom instance
private final int keyLength;         // salt length in bytes
public byte[] generateKey() {
    byte[] bytes = new byte[keyLength];   // a fresh buffer on every call
    random.nextBytes(bytes);              // filled with new random bytes each time
    return bytes;
}
My question is, when a password is entered from a login page, how does the same salt used for an encoded-password comparison get generated? It seems like the above is random so I would figure a new random salt is created when a comparison is done.
No. If you configured Spring Security for salted hashed passwords, then upon comparison there is a call for user data lookup. Once the user record is found by username, the salt is extracted from the password field and used to calculate the hash of the password from the page form. Then the hashes get compared.
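The flow described in this answer, as an added example (not Spring Security's own source): the salt is drawn from SecureRandom only at encode time, is stored in front of the digest in the same field, and is recovered from that stored value at match time rather than regenerated. The class name, the 8-byte salt, the 1024 iterations and the plain salt || password input are assumptions made for the demo and not a claim about StandardPasswordEncoder's exact format.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

/*
 * Added illustration, not Spring Security's code: a salted, iterated SHA-256
 * encoder that stores "salt || digest" as one hex string so that matches()
 * can read the salt back out of the stored value. Salt length, iteration
 * count and input layout are assumed values for this demo.
 */
public class SaltedPasswordDemo {
    private static final int SALT_LENGTH = 8;     // bytes of random salt kept in front of the digest (assumed)
    private static final int ITERATIONS = 1024;   // digest iterations (assumed)
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Fresh random salt; called once per encode(), never during matches(). */
    static byte[] generateSalt() {
        byte[] salt = new byte[SALT_LENGTH];
        RANDOM.nextBytes(salt);
        return salt;
    }

    /** Iterated SHA-256 over salt || password bytes. */
    static byte[] digest(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] out = md.digest(concat(salt, password.getBytes(StandardCharsets.UTF_8)));
        for (int i = 1; i < ITERATIONS; i++) {
            out = md.digest(out);   // digest() resets the instance after each call
        }
        return out;
    }

    /** Encode for storage: hex(salt || digest(salt, password)). */
    static String encode(String password) throws NoSuchAlgorithmException {
        byte[] salt = generateSalt();
        return toHex(concat(salt, digest(salt, password)));
    }

    /** Verify a login attempt: the salt comes from the stored record, not from a new random draw. */
    static boolean matches(String password, String stored) throws NoSuchAlgorithmException {
        byte[] raw = fromHex(stored);
        byte[] salt = Arrays.copyOfRange(raw, 0, SALT_LENGTH);
        byte[] expected = Arrays.copyOfRange(raw, SALT_LENGTH, raw.length);
        // Constant-time comparison so timing does not reveal how many bytes matched
        return MessageDigest.isEqual(expected, digest(salt, password));
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String stored1 = encode("correct horse");
        String stored2 = encode("correct horse");
        // Same password, two different salts, so two different stored values
        System.out.println(stored1);
        System.out.println(stored2);
        System.out.println("same stored value? " + stored1.equals(stored2));
        // Both still verify, because matches() reuses each record's own salt
        System.out.println("first matches?  " + matches("correct horse", stored1));
        System.out.println("second matches? " + matches("correct horse", stored2));
        System.out.println("wrong password? " + matches("wrong", stored1));
    }
}
```

Compile and run with `javac SaltedPasswordDemo.java && java SaltedPasswordDemo`. The point to take from it is that a random salt is fine precisely because it is persisted alongside the hash; the comparison path never calls generateSalt(), it slices the salt off the stored value and re-runs the same digest over it and the submitted password.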