
Bump default BCrypt strength to 12 #10447

Closed
wants to merge 3 commits into from
@@ -62,7 +62,7 @@
public class BCrypt {

// BCrypt parameters
private static final int GENSALT_DEFAULT_LOG2_ROUNDS = 10;
public static final int GENSALT_DEFAULT_LOG2_ROUNDS = 12;

private static final int BCRYPT_SALT_LEN = 16;

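Review bot: this line changes the visibility of `GENSALT_DEFAULT_LOG2_ROUNDS` from `private` to `public` at the same time as it changes the value from 10 to 12, so the constant becomes part of the public API of `BCrypt` and needs a Javadoc comment stating that it is the default log2 work factor applied when no strength is supplied. The value change should also be called out in the release notes: each increment of the log rounds doubles the hashing cost, so every application that relies on the default will see roughly four times the CPU time per hash and per password verification after upgrading.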
@@ -29,7 +29,8 @@
* Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients
* can optionally supply a "version" ($2a, $2b, $2y) and a "strength" (a.k.a. log rounds
* in BCrypt) and a SecureRandom instance. The larger the strength parameter the more work
* will have to be done (exponentially) to hash the passwords. The default value is 10.
* will have to be done (exponentially) to hash the passwords. The default value is
* {@value BCrypt#GENSALT_DEFAULT_LOG2_ROUNDS}.
*
* @author Dave Syer
*/
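Review bot: `{@value BCrypt#GENSALT_DEFAULT_LOG2_ROUNDS}` only renders as a number if the referenced constant is public and `BCrypt` is visible to the javadoc run, which the first file in this PR provides; please confirm the generated HTML shows `12` rather than the literal tag. Replacing the hard-coded "10" with `{@value}` is the right fix, since it stops the Javadoc from drifting from the code the next time the default is tuned.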
@@ -97,7 +98,7 @@ public BCryptPasswordEncoder(BCryptVersion version, int strength, SecureRandom r
throw new IllegalArgumentException("Bad strength");
}
this.version = version;
this.strength = (strength == -1) ? 10 : strength;
this.strength = (strength == -1) ? BCrypt.GENSALT_DEFAULT_LOG2_ROUNDS : strength;
this.random = random;
}

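Review bot: the sentinel `-1` in `(strength == -1) ? BCrypt.GENSALT_DEFAULT_LOG2_ROUNDS : strength` is still a bare magic number; now that the default itself lives in a named constant, the sentinel deserves one too, or at least the constructor Javadoc should state that passing -1 selects `BCrypt.GENSALT_DEFAULT_LOG2_ROUNDS`. Also confirm that the `throw new IllegalArgumentException("Bad strength")` check above this line still accepts -1, since that check runs before the substitution and would otherwise reject the "use the default" value.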
@@ -324,7 +324,7 @@ https://docs.spring.io/spring-security/site/docs/5.0.x/api/org/springframework/s
The `BCryptPasswordEncoder` implementation uses the widely supported https://en.wikipedia.org/wiki/Bcrypt[bcrypt] algorithm to hash the passwords.
In order to make it more resistent to password cracking, bcrypt is deliberately slow.
Like other adaptive one-way functions, it should be tuned to take about 1 second to verify a password on your system.
The default implementation of `BCryptPasswordEncoder` uses strength 10 as mentioned in the Javadoc of https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html[BCryptPasswordEncoder]. You are encouraged to
The default implementation of `BCryptPasswordEncoder` uses strength 12 as mentioned in the Javadoc of https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html[BCryptPasswordEncoder]. You are encouraged to
tune and test the strength parameter on your own system so that it takes roughly 1 second to verify a password.

.BCryptPasswordEncoder
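Review bot: the unchanged context line "In order to make it more resistent to password cracking" misspells "resistant"; since this paragraph is being edited anyway, fix it in the same commit. The changed sentence now states the default as a literal "12" in prose while the Javadoc it links to uses `{@value}`, so this copy can drift; consider wording it as "uses the default strength documented in the Javadoc" or adding a reminder next to the constant that this page must be updated alongside it.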
@@ -212,7 +212,7 @@ The `BCryptPasswordEncoder` implementation uses the widely supported "bcrypt" al
Bcrypt uses a random 16 byte salt value and is a deliberately slow algorithm, in order to hinder password crackers.
The amount of work it does can be tuned using the "strength" parameter which takes values from 4 to 31.
The higher the value, the more work has to be done to calculate the hash.
The default value is 10.
The default value is 12.
You can change this value in your deployed system without affecting existing passwords, as the value is also stored in the encoded hash.

.BCryptPasswordEncoder
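Review bot: "The default value is 12." is the second prose copy of the default in this PR, and neither is tied to the constant the way the Javadoc `{@value}` is, so both will need manual updates on the next bump. The closing sentence, "You can change this value in your deployed system without affecting existing passwords, as the value is also stored in the encoded hash", would be clearer if it added that existing hashes keep the strength stored in them (10 for hashes produced under the old default) until the password is re-encoded, so raising the default only hardens newly created hashes.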