Remove double salt in Pbkdf2PasswordEncoder

Issue gh-3930
10 years ago · 5f658b3ffc
1 changed files with 2 additions and 2 deletions
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
@ -101,7 +101,7 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
				@@ -101,7 +101,7 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 	}

 	private byte[] encodeAndConcatenate(CharSequence rawPassword, byte[] salt) {
-		return concatenate(salt, encode(rawPassword, salt));
+		return encode(rawPassword, salt);
 	}

 	/**
@ -130,4 +130,4 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
				@@ -130,4 +130,4 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 			throw new IllegalStateException("Could not create hash", e);
 		}
 	}
-}
+}