shiro-dev mailing list archives

From "Alan Cabrera (JIRA)" <j...@apache.org>
Subject [jira] Created: (SHIRO-213) Password and hash management
Date Sun, 31 Oct 2010 19:00:26 GMT
Password and hash management
----------------------------

                 Key: SHIRO-213
                 URL: https://issues.apache.org/jira/browse/SHIRO-213
             Project: Shiro
          Issue Type: New Feature
            Reporter: Alan Cabrera


Sometimes secure hashes are long lived.  I usually will hash something but prefix the string
to be hashed with a secret password; I will usually add a bit of salt too. Often I will need
to change the password to that hash on a periodic basis. Sometimes I find out that a particular
hash algorithm is no longer secure and need to change my hash.  What do I do with the old
hashes?  How can I tell them apart from the new ones?

What I do is store the hashes as tuples which contain enough information for my code to figure
out what hash to use.  All of this applies to encryption as well.

I'm wondering if we should provide some kind of manager to manage all this.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
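
A sketch of the tuple approach the issue describes, as an added example that is not part of the original message and not Shiro code: each stored record names its algorithm and key id, so old records still verify and can be flagged for re-creation. The class name, record layout, key ids and demo secrets are assumptions made for illustration, and HMAC is used in place of prefixing the secret to the input; it needs Java 9 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class VersionedHash {
    // Constructed demo keys by key id; real keys would come from a key store.
    static final Map<String, String> KEYS = Map.of("k1", "old-demo-secret", "k2", "new-demo-secret");
    static final Set<String> ALLOWED = Set.of("HmacSHA1", "HmacSHA256"); // still accepted on verify
    static final String CUR_ALG = "HmacSHA256", CUR_KEY = "k2";          // used for every new record

    static byte[] mac(String alg, String keyId, byte[] salt, String data) throws Exception {
        // Never hand a stored algorithm name to the provider without an allow-list check.
        if (!ALLOWED.contains(alg) || !KEYS.containsKey(keyId))
            throw new IllegalArgumentException("unknown algorithm or key id");
        Mac m = Mac.getInstance(alg);
        m.init(new SecretKeySpec(KEYS.get(keyId).getBytes(StandardCharsets.UTF_8), alg));
        m.update(salt);
        return m.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Record layout (the "tuple"): alg:keyId:base64(salt):base64(digest)
    static String create(String alg, String keyId, String data) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return String.join(":", alg, keyId, b64.encodeToString(salt),
                b64.encodeToString(mac(alg, keyId, salt, data)));
    }

    static boolean verify(String record, String data) throws Exception {
        String[] f = record.split(":");
        if (f.length != 4) return false;
        byte[] expected = mac(f[0], f[1], Base64.getDecoder().decode(f[2]), data);
        return MessageDigest.isEqual(expected, Base64.getDecoder().decode(f[3])); // constant time
    }

    // True when the record was made with a retired algorithm or key and should be re-created.
    static boolean needsUpgrade(String record) {
        return !record.startsWith(CUR_ALG + ":" + CUR_KEY + ":");
    }

    public static void main(String[] args) throws Exception {
        String old = create("HmacSHA1", "k1", "alice@example.org"); // legacy record
        String fresh = create(CUR_ALG, CUR_KEY, "alice@example.org");
        for (String r : List.of(old, fresh))
            System.out.println(r + " valid=" + verify(r, "alice@example.org") + " upgrade=" + needsUpgrade(r));
    }
}
```

Both records verify; only the legacy one reports `upgrade=true`, which is the point at which a caller holding the original input would write a new record with the current algorithm and key.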

