Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-09 06:50:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish reference

Browse Source
This commit is contained in:
Rob Winch 2018-01-12 09:17:05 -06:00
parent 0991f31613
commit 450600cbb8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/manual/src/docs/asciidoc/_includes/password-encoder.adoc
View File

@ -45,7 +45,7 @@ https://en.wikipedia.org/wiki/PBKDF2[PBKDF2],
https://en.wikipedia.org/wiki/Scrypt[scrypt],
and https://en.wikipedia.org/wiki/Argon2[Argon2].
Because adaptive one-way functions are intentionally resource intensive, validating a username and password for every request will degrade performance of an application significantly
Because adaptive one-way functions are intentionally resource intensive, validating a username and password for every request will degrade performance of an application significantly.
There is nothing Spring Security (or any other library) can do to speed up the validation of the password since security is gained by making the validation resource intensive.
Users are encouraged to exchange the long term credentials (i.e. username and password) for a short term credential (i.e. session, OAuth Token, etc).
The short term credential can be validated quickly without any loss in security.