user1670773 user1670773 - 1 year ago 247
Java Question

How to get original password from BCryptPasswordEncoder

I'm using Spring Security for my application. When a user registers for the first time, their password is encrypted with


BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String hashedPassword = passwordEncoder.encode(password);

Now, in the case of a password change, users enter their current password and I need to check whether this current password is the same as the encrypted password that is saved in the database.

I know it is not possible to generate two identical encrypted hashes from the same string with
. So probably the only way to check whether the passwords are the same is to get the original password that is saved in the database and compare it with the currently entered password.

So, is there any way to compare the passwords or to get the original password from the database saved hashed password?

Answer Source

You need to only check the raw password against the encoded password in the db. For example,

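import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
// encode() generates a fresh random salt and embeds it in the returned hash
String p = bCryptPasswordEncoder.encode("SomeCoolPassword");
// matches() re-hashes the raw password with the salt stored in p; prints true
System.out.println(bCryptPasswordEncoder.matches("SomeCoolPassword", p));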
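The password-change check from the question, written out as an added example that is not part of the original answer. The class name PasswordChangeExample, the in-memory map standing in for the database, and the sample user and passwords are assumptions made for illustration; it needs spring-security-crypto on the classpath.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical service for illustration; the Map stands in for the users table.
public class PasswordChangeExample {
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();
    private final Map<String, String> storedHashes = new HashMap<>();

    public void register(String username, String rawPassword) {
        // Only the bcrypt hash (which embeds its own random salt) is stored.
        storedHashes.put(username, encoder.encode(rawPassword));
    }

    public boolean changePassword(String username, String currentRaw, String newRaw) {
        String storedHash = storedHashes.get(username);
        // matches() reads the salt and cost out of storedHash, re-hashes
        // currentRaw with them and compares; the original is never recovered.
        if (storedHash == null || !encoder.matches(currentRaw, storedHash)) {
            return false;
        }
        storedHashes.put(username, encoder.encode(newRaw));
        return true;
    }

    public static void main(String[] args) {
        PasswordChangeExample service = new PasswordChangeExample();
        service.register("alice", "SomeCoolPassword"); // constructed sample data

        // Two encodings of the same password differ because each gets a new salt,
        // so comparing hash strings with equals() is not a valid check.
        PasswordEncoder enc = new BCryptPasswordEncoder();
        String h1 = enc.encode("SomeCoolPassword");
        String h2 = enc.encode("SomeCoolPassword");
        System.out.println("hashes equal:   " + h1.equals(h2));
        System.out.println("h1 matches raw: " + enc.matches("SomeCoolPassword", h1));
        System.out.println("h2 matches raw: " + enc.matches("SomeCoolPassword", h2));

        System.out.println("wrong current:  "
                + service.changePassword("alice", "guess", "N3wPassword!"));
        System.out.println("right current:  "
                + service.changePassword("alice", "SomeCoolPassword", "N3wPassword!"));
        System.out.println("old still works: "
                + service.changePassword("alice", "SomeCoolPassword", "another"));
    }
}
```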