Start up the application and try creating another user with the password user1. Use the H2 console to compare the new user's password, and observe that they are different.
Spring Security now generates a random salt and combines it with the password before hashing. It then prepends the salt, in plaintext, to the resulting hash, so that passwords can be checked later. The stored password can be summarized as follows:
salt = randomsalt()
hash = hash(salt+originalPassword)
storedPassword = salt + hash
This is the pseudocode for hashing a newly created password.
To authenticate a user, salt and hash can be extracted from the stored password, since both salt and hash are fixed lengths. Then, the extracted hash can be compared against a new hash, computed...
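The store-and-verify scheme summarized in the pseudocode, written out as an added Java example (not from the original page and not Spring Security's own code). The 8-byte salt, the single SHA-256 pass, and the class and method names are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SaltedHashDemo {
    static final int SALT_LEN = 8;   // assumption: fixed 8-byte salt
    static final int HASH_LEN = 32;  // SHA-256 always yields 32 bytes

    // hash = hash(salt + originalPassword)
    // Assumption: one SHA-256 pass, to keep the example short.
    static byte[] digest(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // storedPassword = salt + hash
    static byte[] encode(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_LEN];
        new SecureRandom().nextBytes(salt);             // fresh salt per password
        byte[] hash = digest(salt, password);
        byte[] stored = Arrays.copyOf(salt, SALT_LEN + HASH_LEN);
        System.arraycopy(hash, 0, stored, SALT_LEN, HASH_LEN);
        return stored;
    }

    // Split the stored value at the fixed salt length, recompute the hash
    // from the submitted password, and compare the two hashes.
    static boolean matches(String candidate, byte[] stored) throws NoSuchAlgorithmException {
        if (stored == null || stored.length != SALT_LEN + HASH_LEN) {
            return false;                               // malformed record: reject
        }
        byte[] salt = Arrays.copyOfRange(stored, 0, SALT_LEN);
        byte[] expected = Arrays.copyOfRange(stored, SALT_LEN, stored.length);
        return MessageDigest.isEqual(expected, digest(salt, candidate));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] a = encode("user1");
        byte[] b = encode("user1");
        System.out.println("same password, same stored value? " + Arrays.equals(a, b));
        System.out.println("correct password matches? " + matches("user1", a));
        System.out.println("wrong password matches? " + matches("user2", a));
        System.out.println("truncated record matches? " + matches("user1", Arrays.copyOf(a, 10)));
    }
}
```

Two users who both choose user1 end up with different stored values because each call draws its own salt, which is the difference the H2 console shows.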