shiro-user mailing list archives

From Konrad Zuse <thekonradz...@hotmail.com>
Subject RE: SHA-256/SHA-512 not secure enough for passwords?
Date Wed, 17 Sep 2014 12:11:46 GMT
Thanks, so it will work with Shiro?  I'm surprised Shiro doesn't have anything for this...

> Date: Wed, 17 Sep 2014 01:16:49 -0700
> From: dominicfarr@gmail.com
> To: user@shiro.apache.org
> Subject: Re: SHA-256/SHA-512 not secure enough for passwords?
> 
> bcrypt is very easy and very secure.
> 
> Spring has a simple to use abstraction on top of it.
> 
> eg.
> 
> 
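> import org.springframework.security.crypto.bcrypt.BCrypt;
> 
> // gensalt() creates a random salt, which is embedded in the returned hash string
> String hashedPassword = BCrypt.hashpw(password, BCrypt.gensalt(LOG_ROUNDS));
> 
> // checkpw() reads the salt and cost back out of hashedPassword
> boolean match = BCrypt.checkpw(password, hashedPassword); // match == true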
> 
> 
> 
> More details on why bcrypt is your friend.
> http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage
> 
> 
> bcrypt has a nice built in salt. See.
> http://stackoverflow.com/questions/277044/do-i-need-to-store-the-salt-with-bcrypt
> 
> 
> 
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/SHA-256-SHA-512-not-secure-enough-for-passwords-tp7580224p7580226.html
> Sent from the Shiro User mailing list archive at Nabble.com.
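
An added example, not part of the original thread and not Shiro's own code: one way to plug the Spring BCrypt calls quoted above into Shiro is a custom CredentialsMatcher. The class name BCryptCredentialsMatcher, the LOG_ROUNDS value and the sample account are assumptions made for illustration.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.springframework.security.crypto.bcrypt.BCrypt;

// Hypothetical matcher: verifies a submitted password against a stored bcrypt hash.
public class BCryptCredentialsMatcher implements CredentialsMatcher {

    // Assumed work factor; each increment doubles the hashing cost.
    private static final int LOG_ROUNDS = 12;

    // Use when creating or changing a password. The salt is generated here and
    // stored inside the returned string, so no separate salt column is needed.
    // Note: bcrypt only considers the first 72 bytes of the password.
    public static String hash(char[] password) {
        return BCrypt.hashpw(new String(password), BCrypt.gensalt(LOG_ROUNDS));
    }

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        if (!(token instanceof UsernamePasswordToken)) {
            return false; // only password logins are handled
        }
        char[] submitted = ((UsernamePasswordToken) token).getPassword();
        Object stored = info.getCredentials();
        if (submitted == null || stored == null) {
            return false;
        }
        String storedHash = (stored instanceof char[])
                ? new String((char[]) stored) : stored.toString();
        try {
            // checkpw re-hashes with the salt and cost embedded in storedHash.
            return BCrypt.checkpw(new String(submitted), storedHash);
        } catch (IllegalArgumentException e) {
            return false; // stored value is not a well-formed bcrypt hash: fail closed
        }
    }

    public static void main(String[] args) {
        // Constructed sample account; in a real realm the hash comes from the user store.
        String storedHash = hash("correct horse".toCharArray());
        AuthenticationInfo info = new SimpleAuthenticationInfo("alice", storedHash, "exampleRealm");
        CredentialsMatcher matcher = new BCryptCredentialsMatcher();
        System.out.println(matcher.doCredentialsMatch(new UsernamePasswordToken("alice", "correct horse"), info));
        System.out.println(matcher.doCredentialsMatch(new UsernamePasswordToken("alice", "wrong guess"), info));
    }
}
```

A realm that extends AuthenticatingRealm can use it through setCredentialsMatcher(new BCryptCredentialsMatcher()), returning the stored bcrypt string as the credentials of its AuthenticationInfo.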