Deprecate StandardPasswordEncoder

Issue: gh-2776
Rob Winch 2017-10-23 08:16:30 -05:00
parent a0e9eb3a64
commit 7b282b54c8
1 changed files with 8 additions and 0 deletions


@ -24,6 +24,9 @@ import org.springframework.security.crypto.keygen.BytesKeyGenerator;
import org.springframework.security.crypto.keygen.KeyGenerators;
/**
* This {@link PasswordEncoder} is provided for legacy purposes only and is not considered
* secure.
*
* A standard {@code PasswordEncoder} implementation that uses SHA-256 hashing with 1024
* iterations and a random 8-byte random salt value. It uses an additional system-wide
* secret value to provide additional protection.
@ -37,7 +40,12 @@ import org.springframework.security.crypto.keygen.KeyGenerators;
*
* @author Keith Donald
* @author Luke Taylor
* @deprecated Digest based password encoding is not considered secure. Instead use an
* adaptive one way funciton like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
* SCryptPasswordEncoder. Even better use {@link DelegatingPasswordEncoder} which supports
* password upgrades.
*/
@Deprecated
public final class StandardPasswordEncoder implements PasswordEncoder {
private final Digester digester;
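Review bot: The added `@deprecated` text misspells "function" as "funciton" on its second line, and it names the three replacement encoders as plain text while only `DelegatingPasswordEncoder` gets a `{@link}`. I would write that line as `* adaptive one way function like {@code BCryptPasswordEncoder}, {@code Pbkdf2PasswordEncoder}, or` and mark up `SCryptPasswordEncoder` on the next line the same way. Both the new class-level sentence and the tag say "not considered secure" without giving a reason. Judging from the existing Javadoc, the reason is the fixed count of 1024 SHA-256 iterations, so a clause such as `* (the work factor is fixed and cannot be raised as hardware gets faster)` would tell readers why an adaptive function is recommended and how urgent migration is. The class body continues outside the hunk.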