Modernized password encoding is one of the new features of Spring Security 5. At the center of it is Spring Security's PasswordEncoder interface, which performs one-way hashing of passwords with a choice of algorithms, so that only the resulting hash, not the password itself, needs to be stored. Spring Security supports a number of password-encoding algorithms:
- BCryptPasswordEncoder: This uses the bcrypt strong hash function. You can optionally supply the strength parameter (default value is 10); the higher the value, the more work has to be done to hash the password.
- Pbkdf2PasswordEncoder: This uses Password-Based Key Derivation Function 2 (PBKDF2) with a configurable number of iterations and an 8-byte random salt value.
- SCryptPasswordEncoder: This uses the scrypt hashing function. Callers can supply a CPU cost parameter, a memory cost parameter, and a parallelization parameter. The current implementation uses the Bouncy Castle library.
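As an added example (not code from the original article or from the Spring project), the following Java program exercises the three encoders above: it checks that each one salts its output and that verification goes through matches() rather than string comparison, and it times bcrypt at two strengths to show the work-factor trade-off. The bcrypt strength of 12, the scrypt constructor arguments and the sample password are illustrative values chosen here, not taken from the page.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;

public class EncoderDemo {

    // Encode the same password twice and verify both hashes with matches().
    // Returns true only if both hashes verify, differ from each other
    // (the per-hash random salt is what makes them differ), and a wrong
    // password is rejected.
    static boolean saltedAndVerifiable(PasswordEncoder enc, String rawPassword) {
        String h1 = enc.encode(rawPassword);
        String h2 = enc.encode(rawPassword);
        return enc.matches(rawPassword, h1)
            && enc.matches(rawPassword, h2)
            && !h1.equals(h2)
            && !enc.matches("not-the-password", h1);
    }

    // Rough wall-clock cost of one hash, used when choosing a work factor
    // that a login can tolerate but that makes offline guessing expensive.
    static long millisPerHash(PasswordEncoder enc, String rawPassword) {
        long start = System.nanoTime();
        enc.encode(rawPassword);
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) {
        String pw = "correct horse battery staple"; // constructed sample password

        // bcrypt: strength is the work factor; 10 is the default, 12 is costlier.
        PasswordEncoder bcrypt10 = new BCryptPasswordEncoder();
        PasswordEncoder bcrypt12 = new BCryptPasswordEncoder(12);

        // PBKDF2 with the encoder's default iteration count and 8-byte salt.
        PasswordEncoder pbkdf2 = new Pbkdf2PasswordEncoder();

        // scrypt: CPU cost (power of two), memory cost, parallelization,
        // key length and salt length in bytes. Illustrative values, assumed here.
        PasswordEncoder scrypt = new SCryptPasswordEncoder(16384, 8, 1, 32, 16);

        System.out.println("bcrypt : " + saltedAndVerifiable(bcrypt10, pw));
        System.out.println("pbkdf2 : " + saltedAndVerifiable(pbkdf2, pw));
        System.out.println("scrypt : " + saltedAndVerifiable(scrypt, pw));

        // The bcrypt string carries its version and cost (e.g. "$2a$12$"), so
        // the strength can be raised later without invalidating stored hashes.
        System.out.println("bcrypt prefix: " + bcrypt12.encode(pw).substring(0, 7));
        System.out.println("strength 10: ~" + millisPerHash(bcrypt10, pw) + " ms");
        System.out.println("strength 12: ~" + millisPerHash(bcrypt12, pw) + " ms");
    }
}
```

Build it with the spring-security-crypto artifact (and Bouncy Castle for scrypt) on the classpath; each saltedAndVerifiable() call should print true.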