Understanding Password Encoders
Examine different password encoders available in Spring Security and their importance for secure password storage.
Why Encode Passwords?
Imagine storing your password in a simple text file. Anyone who gains access to that file can immediately see and use your password.
This is a major security risk! In web applications, we never store user passwords in plain, readable text.
Hashing vs. Encryption
When we talk about securing passwords, we use a technique called hashing, not encryption. (Despite the name, a Spring Security PasswordEncoder produces a one-way hash; it does not "encode" in the reversible sense.) What's the difference?
- Encryption: Reversible process. You can encrypt data and later decrypt it back to its original form using a key.
- Hashing: One-way process. You transform data into a fixed-size string (a hash) that cannot practically be reversed. There's no 'decrypting' a hash; to verify a login, you hash the submitted password and compare the result with the stored hash.
Hashing ensures that even if a database is breached, attackers get hashes rather than the passwords themselves. The caveat is that a hash can still be attacked by guessing: an attacker hashes candidate passwords and looks for a match. A fast, unsalted hash such as plain SHA-256 makes that cheap, which is why password storage uses a deliberately slow, salted algorithm (bcrypt, scrypt, Argon2 or PBKDF2, all of which Spring Security provides as PasswordEncoder implementations). The salt makes identical passwords produce different hashes, and the work factor makes each guess expensive.
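The following is an added example, not code from the original page or from the Spring Security project. It assumes the spring-security-crypto artifact is on the classpath and shows the two properties discussed above in working code: the same password hashed twice with BCryptPasswordEncoder yields two different hashes because of the random salt, yet both verify with matches(), and a wrong password does not. It also shows the DelegatingPasswordEncoder that Spring recommends as the default, which prefixes each stored hash with its algorithm id so the algorithm can be upgraded later. The class and method names (PasswordHashingDemo, hashForStorage, verify) and the sample password are constructed for this example.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Constructed demo class; not part of Spring Security or the original page.
public class PasswordHashingDemo {

    // Hash a password for storage. Only the returned hash goes into the database.
    static String hashForStorage(PasswordEncoder encoder, CharSequence rawPassword) {
        return encoder.encode(rawPassword);
    }

    // Verify a login attempt. The stored hash is never reversed; the attempt is
    // hashed with the salt embedded in storedHash and the two hashes are compared.
    static boolean verify(PasswordEncoder encoder, CharSequence attempt, String storedHash) {
        return encoder.matches(attempt, storedHash);
    }

    public static void main(String[] args) {
        // Work factor 12: cost grows as 2^strength, slowing offline guessing.
        PasswordEncoder bcrypt = new BCryptPasswordEncoder(12);

        String password = "correct horse battery staple"; // constructed sample input
        String hash1 = hashForStorage(bcrypt, password);
        String hash2 = hashForStorage(bcrypt, password);

        // bcrypt draws a fresh random salt on every encode() call, so two hashes of
        // the same password differ; a database dump does not reveal shared passwords.
        System.out.println("hash1: " + hash1);
        System.out.println("hash2: " + hash2);
        System.out.println("hashes identical: " + hash1.equals(hash2));

        // Both hashes still verify, because each carries its own salt and cost.
        System.out.println("password matches hash1: " + verify(bcrypt, password, hash1));
        System.out.println("password matches hash2: " + verify(bcrypt, password, hash2));
        // A single-character difference fails verification.
        System.out.println("wrong password matches: "
                + verify(bcrypt, "Correct horse battery staple", hash1));

        // Spring's recommended default: a DelegatingPasswordEncoder. Hashes are stored
        // as "{id}hash" (bcrypt by default), so the algorithm can be changed later
        // while existing hashes remain verifiable.
        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        String prefixed = hashForStorage(delegating, password);
        System.out.println("delegating hash: " + prefixed);
        System.out.println("delegating matches: " + verify(delegating, password, prefixed));

        // A legacy hash without an "{id}" prefix cannot be verified by the delegating
        // encoder as configured here; matches() throws IllegalArgumentException, so
        // migrating old rows means adding the correct prefix first.
    }
}
```

Running this prints two distinct bcrypt strings that both verify as true, a false result for the altered password, and a third hash beginning with {bcrypt} that the delegating encoder verifies. The work factor is the knob to tune: raise it as hardware gets faster, keeping a single verification in the tens to hundreds of milliseconds on your servers.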