Why does BCryptPasswordEncoder from Spring generate different outputs for the same input?

#1
I am using [BCryptPasswordEncoder][1] with Spring Security. My expectation was that for the same input I would always get the same output. But for the same input I get different output. You could test it with the code snippet below:

String password = "123456";
PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String encodedPassword = passwordEncoder.encode(password);
System.out.print(encodedPassword);

>output: $2a$10$cYLM.qoXpeAzcZhJ3oXRLu9Slkb61LHyWW5qJ4QKvHEMhaxZ5qCPi

>output2: $2a$10$KEvYX9yjj0f1X3Wl8S.KPuWzSWGyGM9ubI71NOm3ZNbJcwWN6agvW

>output3: $2a$10$nCmrPtUaOLn5EI73VZ4Ouu1TmkSWDUxxD4N6A.8hPBWg43Vl.RLDC

Could someone explain why BCryptPasswordEncoder behaves like this?


#2
That is perfectly normal because [BCryptPasswordEncoder][1] uses a salt to generate the password. You can read about the idea behind "salting" a password [here][2] and [here][3].

This is what the documentation says for the `encode` method:

> Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.


#3
The generated passwords are salted and therefore different.

Please read the documentation for the `encode()` method, where it clearly states that the password is salted.

#4
public class BCryptDemo {
    public static void main(String[] args) {
        // spring 4.0.0
        org.springframework.security.crypto.password.PasswordEncoder encoder
                = new org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder();

        // Sample output of one run: five different hashes, each followed by true
        // $2a$10$lB6/PKg2/JC4XgdMDXyjs.dLC9jFNAuuNbFkL9udcXe/EBjxSyqxW
        // true
        // $2a$10$KbQiHKTa1WIsQFTQWQKCiujoTJJB7MCMSaSgG/imVkKRicMPwgN5i
        // true
        // $2a$10$5WfW4uxVb4SIdzcTJI9U7eU4ZwaocrvP.2CKkWJkBDKz1dmCh50J2
        // true
        // $2a$10$0wR/6uaPxU7kGyUIsx/JS.krbAA9429fwsuCyTlEFJG54HgdR10nK
        // true
        // $2a$10$gfmnyiTlf8MDmwG7oqKJG.W8rrag8jt6dNW.31ukgr0.quwGujUuO
        // true

        for (int i = 0; i < 5; i++) {
            // "123456" - plain text - user input from user interface
            String passwd = encoder.encode("123456");

            // passwd - password as it would be stored in the database
            System.out.println(passwd); // print hash

            // matches() reads the salt out of passwd, so this is true for all 5 iterations
            System.out.println(encoder.matches("123456", passwd));
        }
    }
}

#5
The BCrypt output is:
`$2a$10$cYLM.qoXpeAzcZhJ3oXRLu9Slkb61LHyWW5qJ4QKvHEMhaxZ5qCPi`

- `$2a$` means the hash algorithm
- `10$` is the log rounds
- following is the salt and the hashed password

Since Spring generates a different salt each time, your output is not the same. The BCrypt syntax is described in the linked reference.

#6
The 22 characters directly after the 3rd `$` represent the salt value. "Salt" is some random data added to the password before hashing, so a given hash algorithm with given parameters will in most cases produce different hash values for the same password (protection against so-called rainbow attacks).

Let's dissect the first output shown in the original question:
`$2a$10$cYLM.qoXpeAzcZhJ3oXRLu9Slkb61LHyWW5qJ4QKvHEMhaxZ5qCPi`

- `$2a` : Identifier for BCrypt algorithm
- `$10` : Parameter for number of rounds, here 2^10 rounds
- `cYLM.qoXpeAzcZhJ3oXRLu` : Salt (128 bits)
- `9Slkb61LHyWW5qJ4QKvHEMhaxZ5qCPi` : Actual hash value (184 bits)

The salt and the hash value are both encoded using Radix-64.

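To make the dissection above concrete, here is an added example (not from the original thread and not Spring Security's own code) that splits such a string into its fields and decodes the salt and hash from bcrypt's Radix-64 alphabet, confirming the 128-bit salt and 184-bit hash sizes; the regex and field names are this example's own choices.

```python
import re

# bcrypt's Radix-64 alphabet: '.' and '/' first, then A-Z, a-z, 0-9
# (not the RFC 4648 base64 alphabet, so base64.b64decode will not work).
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# $<version>$<2-digit cost>$<22-char salt><31-char hash>
_BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)


def radix64_decode(text: str, nbytes: int) -> bytes:
    """Decode bcrypt Radix-64 text, keeping only the first nbytes bytes.

    22 chars carry 132 bits -> 16 bytes (128 bits) plus 4 padding bits;
    31 chars carry 186 bits -> 23 bytes (184 bits) plus 2 padding bits.
    """
    acc, bits, out = 0, 0, bytearray()
    for ch in text:
        acc = (acc << 6) | BCRYPT_ALPHABET.index(ch)
        bits += 6
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
            acc &= (1 << bits) - 1
    return bytes(out[:nbytes])


def parse_bcrypt(encoded: str) -> dict:
    """Split a bcrypt string into version, cost, salt bytes and hash bytes."""
    m = _BCRYPT_RE.match(encoded)
    if m is None:
        raise ValueError("not a bcrypt hash: %r" % encoded)
    version, cost, salt_txt, hash_txt = m.groups()
    return {
        "version": version,
        "cost": int(cost),           # log2 of the number of rounds
        "rounds": 2 ** int(cost),
        "salt": radix64_decode(salt_txt, 16),
        "hash": radix64_decode(hash_txt, 23),
    }


if __name__ == "__main__":
    # The first hash quoted in the question above.
    fields = parse_bcrypt("$2a$10$cYLM.qoXpeAzcZhJ3oXRLu9Slkb61LHyWW5qJ4QKvHEMhaxZ5qCPi")
    print(fields["version"], fields["rounds"], fields["salt"].hex(), fields["hash"].hex())
```

Parsing the three outputs from the question shows the same version and cost but three different salts, which is exactly why the strings differ while `matches()` still succeeds for each.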