I saw a post that bcrypt has 72 characters limit. So I tested Spring security's BCryptPasswordEncoder
to see what will happen. I tried over 1000 length and it worked normally. Not even a warning log was out.
I tried JavaDoc and online docs but couldn't find about input length limitation.
Is BCryptPasswordEncoder's password length limit more than 72 characters? If so, can I use this to my web applications?
See Question&Answers more detail:os