user1670773 - 3 months ago 16
Java Question

How to get original password from BCryptPasswordEncoder

I'm using Spring Security for my application. When a user registers for the first time, their passwords are encrypted with BCryptPasswordEncoder.

BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String hashedPassword = passwordEncoder.encode(password);


Now, when changing a password, users enter their current password and I need to check whether this current password is the same as the encrypted password that is saved in the database.

I know it is not possible to generate two identical encrypted hashes from the same string with BCryptPasswordEncoder. So probably the only way to check whether the passwords are the same is to get the original password that is saved in the database and compare it with the currently entered password.

So, is there any way to compare the passwords or to get the original password from the hashed password saved in the database?

Answer

You only need to check the raw password against the encoded password in the db. For example,

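import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
String p = bCryptPasswordEncoder.encode("SomeCoolPassword");
// matches() hashes the raw password with the salt stored in p and compares the result
System.out.println(bCryptPasswordEncoder.matches("SomeCoolPassword", p));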
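
The password-change check from the question, as an added example that is not part of the original question or answer. The class `ChangePasswordDemo`, its in-memory `users` map (standing in for the database table) and the sample passwords are assumptions made for illustration; it uses the encoder's default settings and also prints the cost and salt fields that `matches()` reads back from the stored hash.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import java.util.HashMap;
import java.util.Map;

// Hypothetical service: the map stands in for the application's user table.
public class ChangePasswordDemo {
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();
    private final Map<String, String> users = new HashMap<>(); // username -> bcrypt hash

    void register(String username, String rawPassword) {
        users.put(username, encoder.encode(rawPassword));
    }

    /** Stores a new hash and returns true only if currentRaw verifies against the stored hash. */
    boolean changePassword(String username, String currentRaw, String newRaw) {
        String stored = users.get(username);
        // matches() takes the cost and salt from the stored hash, hashes
        // currentRaw with them and compares; the original is never recovered.
        if (stored == null || !encoder.matches(currentRaw, stored)) {
            return false;
        }
        users.put(username, encoder.encode(newRaw)); // encode() draws a fresh random salt
        return true;
    }

    public static void main(String[] args) {
        ChangePasswordDemo demo = new ChangePasswordDemo();
        demo.register("alice", "SomeCoolPassword"); // constructed sample data

        String h1 = demo.users.get("alice");
        String h2 = demo.encoder.encode("SomeCoolPassword"); // same input, new salt
        // Layout of the 60-character string: version and cost, 22-char salt, 31-char hash
        System.out.println("version/cost: " + h1.substring(0, 7));
        System.out.println("salt:         " + h1.substring(7, 29));
        System.out.println("hashes equal: " + h1.equals(h2));
        System.out.println("h1 verifies:  " + demo.encoder.matches("SomeCoolPassword", h1));
        System.out.println("h2 verifies:  " + demo.encoder.matches("SomeCoolPassword", h2));
        System.out.println("change with wrong current password: "
                + demo.changePassword("alice", "guess", "N3wPassw0rd"));
        System.out.println("change with right current password: "
                + demo.changePassword("alice", "SomeCoolPassword", "N3wPassw0rd"));
        System.out.println("old password still verifies: "
                + demo.encoder.matches("SomeCoolPassword", demo.users.get("alice")));
    }
}
```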