Getting Password Salt when Using Jasypt
https://stackoverflow.com/questions/9338774
-
30-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPregunta
I want to use Jasypt to encrypt user passwords using a random Salt. Is it possible to get random slat from Jasypt? How could I get it?
Thanks, Feras
Solución
Using a random salt is in fact the default behaviour of all jasypt encryption artifacts, and this salt is generated securely (using SHA1PRNG).
Please read http://www.jasypt.org/howtoencryptuserpasswords.html in order to know more about the way passwords are processed in jasypt.
Otros consejos
Never used Jasypt, but from their documentation:
A salt of the specified size is generated (see org.jasypt.salt.SaltGenerator). If salt size is zero, no salt will be used. It is advisable that you use a random salt generator like org.jasypt.salt.RandomSaltGenerator (which is the default) for higher security.
you can use RandomSaltGenerator.
