Say I hash passwords with StandardPasswordEncoder which uses SHA-256 and 8bit random characters as

Question

0

Asked: May 26, 20262026-05-26T19:58:26+00:00 2026-05-26T19:58:26+00:00

Say I hash passwords with StandardPasswordEncoder which uses SHA-256 and 8bit random characters as

0

Say I hash passwords with StandardPasswordEncoder which uses SHA-256 and 8bit random characters as a salt and save it to db(for registration form for example).

And then I check it with

<security:password-encoder hash="sha-256" >
</security:password-encoder> (for login form)

Does this latest knows that the first encoded it in a way that salt is 8 bytes of randomly generated salt? And even if it knows how will it find out what salt to apply to get same hash?

Or maybe I am completely off the track and SHA-256 standard already presumes that there should be strictly 8-bit generated salt inside for hashing?

Thanks,

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T19:58:27+00:00

Solved it, I will not go into details, but better use org.springframework.security.authentication.encoding.ShaPasswordEncoder ,

 <bean id ="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" >
 <constructor-arg value="256"/>
 <property name="iterations" value="1024"/> 
 </bean>

and reference this bean from your security context:

         <security:password-encoder ref="passwordEncoder">
            <security:salt-source user-property="username"/>
        </security:password-encoder>

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Say I hash passwords with StandardPasswordEncoder which uses SHA-256 and 8bit random characters as

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply