Challenge - 5 Problems

🎖️

BCrypt Password Encoding Mastery

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ component_behavior

intermediate

2:00remaining

What is the output of this BCrypt password encoding snippet?

Consider the following Spring Boot code that encodes a password using BCryptPasswordEncoder. What will be the output type and general format of the encoded password string?

Spring Boot

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordEncoderTest {
    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String rawPassword = "mypassword";
        String encodedPassword = encoder.encode(rawPassword);
        System.out.println(encodedPassword);
    }
}

AA string starting with "$2a$" or "$2b$" followed by a 60-character hash

BA plain text password identical to the input string

CA numeric hash value representing the password

DA Base64 encoded string without any prefix

Attempts:

2 left

❓ state_output

intermediate

2:00remaining

What is the result of matching a raw password against a BCrypt hash?

Given this code snippet, what will be the output of the match check?

Spring Boot

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordMatchTest {
    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String rawPassword = "secret123";
        String encodedPassword = encoder.encode(rawPassword);
        boolean matches = encoder.matches("secret123", encodedPassword);
        System.out.println(matches);
    }
}

ARuntime exception due to invalid password format

Btrue

CCompilation error due to missing imports

Dfalse

Attempts:

2 left

📝 Syntax

advanced

2:00remaining

Which option correctly configures a BCryptPasswordEncoder bean in Spring Boot?

You want to create a BCryptPasswordEncoder bean in a Spring Boot configuration class. Which code snippet is syntactically correct and follows Spring Boot patterns?

@Bean
public void passwordEncoder() {
    new BCryptPasswordEncoder();
}

public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

@Bean
public BCryptPasswordEncoder passwordEncoder() {
    BCryptPasswordEncoder encoder;
}

@Bean
public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

Attempts:

2 left

🔧 Debug

advanced

2:00remaining

Why does this password match check always return false?

Examine the code below. Why does the password match check always print false?

Spring Boot

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordCheck {
    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String rawPassword = "pass123";
        String encodedPassword = encoder.encode(rawPassword);
        boolean matches = encoder.matches(rawPassword, rawPassword);
        System.out.println(matches);
    }
}

ABecause matches compares the raw password to the encoded password, but here it compares raw to raw

BBecause rawPassword is null causing NullPointerException

CBecause encode method returns null causing matches to fail

DBecause BCryptPasswordEncoder is not initialized properly

Attempts:

2 left

🧠 Conceptual

expert

2:00remaining

What is the main security benefit of using BCrypt for password encoding?

Why is BCrypt preferred over simple hashing algorithms like MD5 or SHA-1 for password encoding in Spring Boot applications?

ABCrypt hashes can be reversed to get the original password if needed

BBCrypt produces shorter hashes which save database space

CBCrypt automatically salts passwords and is computationally expensive, making brute-force attacks harder

DBCrypt uses symmetric encryption to protect passwords

Attempts:

2 left