shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From NabbleReallySucks <bigtrashcaninthe...@yahoo.com>
Subject Re: Question on hashing and cryptography. Not able to login
Date Thu, 14 Mar 2013 00:57:22 GMT
Thanks. Our code would do 

Key key = cipherService.generateNewKey();

    ByteSource encryptedPassword =
cipherService.encrypt(accountSecurity.getPassword().getBytes(),
key.getEncoded());
    accountSecurity.setSaltValue(new String(key.getEncoded()));
    accountSecurity.setPassword(encryptedPassword.toBase64());

    accountService.save(accountSecurity);

So I was assuming that each and every saved password would have a different
key anyway. And we would save that key as the salt value.


Our app will be for real money gambling, so it has to pass the standards
committees rules. So I don't think SHA256 is enough to pass. So I guess I
can implement my own matcher that decrypts using the Aes Cipher class.

Thanks

Mark



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Question-on-hashing-and-cryptography-Not-able-to-login-tp7578370p7578379.html
Sent from the Shiro User mailing list archive at Nabble.com.

Mime
View raw message