Is the $2y$ bcrypt hash version supported by Spring 5 Security?

I searched the Spring 5 Security documentation, but I couldn't find a reference to the $2y$ version prefix of BCrypt anywhere.

However, when looking at the source code, I found a reference in the Javadoc of the PasswordEncoder:

can optionally supply a "version" (a, b, y)

Can anyone give me some consensus? Is it possible to use the $2y$ bcrypt version prefix when using Spring 5 Security?

It depends on which version you are using. The commit in which this feature was introduced was on Oct 18, 2018. It has the tag 5.2.0.M1, which means that's the release this commit will be introduced in. The official docs of that version now specify this feature exists:

Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients can optionally supply a "version" (a, b, y) and a "strength" (a.k.a. log rounds in BCrypt) and a SecureRandom instance. The larger the strength parameter the more work will have to be done (exponentially) to hash the passwords. The default value is 10.

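This feature does not exist prior to version 5.2.0.M1, and this version has not been officially released yet; only snapshots are available (5.2.0.M1 was released on January 16, 2019).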

If you want to use this feature, you have to use this version (or a later one) until it is officially released.
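The version selection described in the answer above, as an added example that is not part of the original answer or of the Spring Security project. It assumes spring-security-crypto 5.2.0.M1 or later on the classpath; the class name `Bcrypt2yDemo`, the `describe` helper, its regular expression, the work factor 12 and the sample password are all constructed for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion;

// Added example: needs spring-security-crypto 5.2.0.M1 or later.
public class Bcrypt2yDemo {

    // Layout of a bcrypt string: $<version>$<two-digit cost>$<22-char salt><31-char digest>.
    // This pattern is written for the example; it is not Spring's internal one.
    private static final Pattern BCRYPT =
            Pattern.compile("^\\$(2[aby]?)\\$(\\d{2})\\$[./A-Za-z0-9]{53}$");

    /** Returns the version prefix and cost of a well-formed bcrypt string, or null otherwise. */
    static String describe(String hash) {
        Matcher m = BCRYPT.matcher(hash);
        if (!m.matches()) {
            return null; // not a bcrypt hash (wrong prefix, cost or length)
        }
        return "$" + m.group(1) + "$ cost=" + Integer.parseInt(m.group(2));
    }

    public static void main(String[] args) {
        String password = "correct horse battery staple"; // constructed sample input

        // Request the $2y$ prefix explicitly; 12 is an assumed work factor.
        BCryptPasswordEncoder encoder2y = new BCryptPasswordEncoder(BCryptVersion.$2Y, 12);
        String hash = encoder2y.encode(password);

        // The stored value carries its own version and cost, so both can be
        // audited later without knowing how the encoder was configured.
        System.out.println(describe(hash));

        // Verification recomputes the hash from the salt embedded in the stored value.
        System.out.println(encoder2y.matches(password, hash));
        System.out.println(encoder2y.matches("wrong guess", hash));

        // For comparison: what the no-argument constructor produces.
        System.out.println(describe(new BCryptPasswordEncoder().encode(password)));

        // A truncated or otherwise malformed value is rejected by the layout check.
        System.out.println(describe(hash.substring(0, 20)));
    }
}
```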