shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mária Jurčovičová <m.jurcovic...@gmail.com>
Subject Re: svn commit: r1131059 - in /shiro/trunk/core/src: main/java/org/apache/shiro/crypto/hash/DefaultHasher.java test/java/org/apache/shiro/crypto/hash/ test/java/org/apache/shiro/crypto/hash/DefaultHasherTest.java
Date Mon, 06 Jun 2011 07:03:45 GMT
Hi,

there is one thing: DefaultHasher takes algorithm name as a parameter and
then uses an instance of simple hash to hash passwords. It is not possible
to supply it with an arbitrary instance of Hash interface implementation.

For example, if BCrypt hashing would be implemented (
https://issues.apache.org/jira/browse/SHIRO-290), it would be impossible to
use it with DefaultHasher. As I understand it, BCrypt is now recommended for
password hashing.

With Regards,
Maria Jurcovicova



On Fri, Jun 3, 2011 at 7:21 PM, Les Hazlewood <lhazlewood@apache.org> wrote:

> Thanks for this Maria and Kalle.
>
> Just a quick note though - the Hasher stuff I wrote is still in flux -
> it's not necessarily scoped out to how it should/could be before being
> 'releasable'.  Any thoughts or feedback is appreciated!
>
> Cheers,
>
> Les
>
> On Fri, Jun 3, 2011 at 7:52 AM,  <kaosko@apache.org> wrote:
> > Author: kaosko
> > Date: Fri Jun  3 14:52:04 2011
> > New Revision: 1131059
> > ...
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message