概述

BCrypt的工作因子參數(shù)strength設(shè)置的取值范圍是4-31，如果設(shè)置過高會(huì)導(dǎo)致執(zhí)行效率下降非常明顯。

測(cè)試不同strength耗時(shí)對(duì)比

@Test
    fun testStrengthConfig(){
        // 默認(rèn)strength
        val strengthDefault = BCryptPasswordEncoder()
        // 4 strength
        val strength4 = BCryptPasswordEncoder(4)

        val pwd = "123456"
        val count = 100

        val t1 = System.currentTimeMillis()
        for (i in 0 until count){
            strengthDefault.encode(pwd)
        }
        println("默認(rèn)strength執(zhí)行耗時(shí):${System.currentTimeMillis() - t1}")

        val t2 = System.currentTimeMillis()
        for (i in 0 until count){
            strength4.encode(pwd)
        }
        println("4 strength執(zhí)行耗時(shí):${System.currentTimeMillis() - t2}")

    }

運(yùn)行結(jié)果

默認(rèn)strength執(zhí)行耗時(shí):6876
4 strength執(zhí)行耗時(shí):110

肉眼可見的性能差別，可見正確設(shè)置strength非常重要。

測(cè)試不同strength加密后的密碼是否能匹配

@Test
    fun match(){
        // 默認(rèn)strength
        val strengthDefault = BCryptPasswordEncoder()
        // 4 strength
        val strength4 = BCryptPasswordEncoder(4)

        val pwd = "sdfd@#$@#sdfsdf"
        println("1match:${strengthDefault.matches(pwd, strength4.encode(pwd))}")
        println("2match:${strength4.matches(pwd, strengthDefault.encode(pwd))}")

        println("3match:${strengthDefault.matches(pwd, strengthDefault.encode(pwd))}")
        println("4match:${strength4.matches(pwd, strength4.encode(pwd))}")
    }

運(yùn)行結(jié)果

1match:true
2match:true
3match:true
4match:true

測(cè)試可見，不同strength加密后的密碼仍舊可以匹配