shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (Resolved) (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (SHIRO-213) Password and hash management
Date Tue, 13 Dec 2011 01:39:31 GMT

     [ https://issues.apache.org/jira/browse/SHIRO-213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Les Hazlewood resolved SHIRO-213.
---------------------------------

       Resolution: Fixed
    Fix Version/s: 1.2.0

Implemented as part of SHIRO-280
                
> Password and hash management
> ----------------------------
>
>                 Key: SHIRO-213
>                 URL: https://issues.apache.org/jira/browse/SHIRO-213
>             Project: Shiro
>          Issue Type: New Feature
>            Reporter: Alan Cabrera
>            Assignee: Les Hazlewood
>             Fix For: 1.2.0
>
>
> Sometimes secure hashes are long lived.  I usually will hash something but prefix the
string to be hashed with a secret password; I will usually add a bit of salt too. Often I
will need to change the password to that hash on a periodic basis. Sometimes I find out that
a particular hash algorithm is no longer secure and need to change my hash.  What do I do
with the old hashes?  How can I tell them apart from the new ones?
> What I do is store the hashes as tuples which contain enough information my code to figure
out what hash to use.  All of this applies to encryption as well.
> I'm wondering is if we should provide some kind of manager to manage all this. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message