Escape attribute failures in Password4j docs

rwinch · rwinch · commit 11bec09ffc80 · 2025-09-15T10:57:19.000-05:00
Issue gh-17706
diff --git a/docs/modules/ROOT/pages/features/authentication/password-storage.adoc b/docs/modules/ROOT/pages/features/authentication/password-storage.adoc
@@ -605,7 +605,7 @@ This provides an alternative to Spring Security's built-in `Pbkdf2PasswordEncode
 
 PBKDF2 is a key derivation function designed to be computationally expensive to thwart dictionary and brute force attacks.
 This implementation handles salt management explicitly since Password4j's PBKDF2 implementation does not include the salt in the output hash.
-The encoded password format is: `{salt}:{hash}` where both salt and hash are Base64 encoded.
+The encoded password format is: `+{salt}:{hash}+` where both salt and hash are Base64 encoded.
 
 .Pbkdf2Password4jPasswordEncoder
 [tabs]
@@ -646,7 +646,7 @@ The `BalloonHashingPassword4jPasswordEncoder` implementation uses the Balloon ha
 Balloon hashing is a memory-hard password hashing algorithm designed to be resistant to both time-memory trade-off attacks and side-channel attacks.
 
 This implementation handles salt management explicitly since Password4j's Balloon hashing implementation does not include the salt in the output hash.
-The encoded password format is: `{salt}:{hash}` where both salt and hash are Base64 encoded.
+The encoded password format is: `+{salt}:{hash}+` where both salt and hash are Base64 encoded.
 
 .BalloonHashingPassword4jPasswordEncoder
 [tabs]
