#Java Spring boot - password hashing

primal trellisBOT

<@&1004656351647117403> please have a look, thanks.

nocturne elk

ur already "doing it wrong" by having the pw as a string. strings are easy to steal

when it's about security: don't roll ur own solution

spring has all that stuff built-in, make use of it

fervent ore

@nocturne elk yea I'm trying to encrypt the password using some security library

mortal topaz

Bcrypt is the industry standard

if you want a bit more costly / customizable, look into Argon ig

nvm u said encryption not hashing

ehh I mean you should prefer hashing, but if you insist on encryption, you could try bouncy castle, it has AES and RSA

fervent ore

I'm looking at the BCrypt library for Spring Boot

mortal topaz

it's for hashing

fervent ore

ok thanks!

nocturne elk

instead of a char[]

so u already lost

there's more to consider and you'll step into the next pitfall right away

don't do security urself

spring can do auth and login and whatnot fully automatically. ur reinventing security wheels in an insecure way

full flare

bcrypt is ok. I prefer sha256

mortal topaz

where has the code gone

fervent ore

Don't worry guys, I'm already using encryption here:

    import java.security.NoSuchAlgorithmException;
    import org.springframework.security.crypto.bcrypt.BCrypt;

    // Registers a new user. The plaintext password is hashed with BCrypt and only the hash is stored.
    // Note: NoSuchAlgorithmException is not thrown by any of the BCrypt calls below; the clause is unused.
    public UserDataTransferObject createUser(UserDataTransferObject userDto, String password) throws NoSuchAlgorithmException {

        if (password == null || password.isBlank()) throw new IllegalArgumentException("Password required!");
        // gensalt() produces a random salt (default work factor 10); the salt is embedded in the returned hash string
        String passwordHash = BCrypt.hashpw(password, BCrypt.gensalt());

        var user = convertToEntity(userDto);

        // Reject duplicates on the unique identity fields before persisting
        var existsEmail = repository.existsByEmail(userDto.getEmail());
        if (existsEmail) throw new BadRequestException("Email " + user.getEmail() + " is taken!");
        var existsUsername = repository.existsByUserName(userDto.getUserName());
        if (existsUsername) throw new BadRequestException("Username " + user.getUserName() + " is taken!");
        var existsPhone = repository.existsByPhoneNumber(userDto.getPhoneNumber());
        if (existsPhone) throw new BadRequestException("Phone number " + user.getPhoneNumber() + " already exists!");

        // Store the hash, never the plaintext
        user.setPassword(passwordHash);

        // Debug check only: checkpw re-hashes the plaintext with the salt taken from passwordHash and compares
        System.out.println("Password match: " + BCrypt.checkpw(password, passwordHash));

        repository.save(user);
        return convertToData(user);
    }

flat ravine

Why aren't you using Spring's functionality like PasswordEncoder? Are you even using UserDetailsService?

mortal topaz

Why do you have a separate field for password, why not have it inside the Dto

mortal topaz

and not using spring security

nvm he is using it

@fervent ore Spring Security provides a wide range of pre-built stuff that you should use, it's super secure and doesn't need manual initializations, just proper config...

fervent ore

@mortal topaz yes I am using it here