shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (Resolved) (JIRA)" <>
Subject [jira] [Resolved] (SHIRO-213) Password and hash management
Date Tue, 13 Dec 2011 01:39:31 GMT


Les Hazlewood resolved SHIRO-213.

       Resolution: Fixed
    Fix Version/s: 1.2.0

Implemented as part of SHIRO-280
> Password and hash management
> ----------------------------
>                 Key: SHIRO-213
>                 URL:
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Alan Cabrera
>            Assignee: Les Hazlewood
>             Fix For: 1.2.0
> Sometimes secure hashes are long lived.  I usually will hash something but prefix the
string to be hashed with a secret password; I will usually add a bit of salt too. Often I
will need to change the password to that hash on a periodic basis. Sometimes I find out that
a particular hash algorithm is no longer secure and need to change my hash.  What do I do
with the old hashes?  How can I tell them apart from the new ones?
> What I do is store the hashes as tuples which contain enough information my code to figure
out what hash to use.  All of this applies to encryption as well.
> I'm wondering is if we should provide some kind of manager to manage all this. 

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message