Hi Marvin, My database is actually someone else's database, but I do know (now) that the hashes stored in the database are generated using Apache Shiro and that the salt is stored as hex. An example hash is:
4d8d39a8283a53aeb51061457edc32c6a8e5404864b7571bf7b33d2c3bd5c580869ac1635be0d8ee57581f28b8aa9799729244852eb7aa010e7ac7b1cd69638f And an example salt is: 91f3c641110b2ded640c418046b3cb5af257da06ca98f192085cb10c7443e5e9 This salt is 32 bits (64 characters). I also have to be able to specify the number of iterations, of course, which is another issue! This is why I'm now thinking that implementing the hashing in my own class (by retrieving the hashed password and salt from the database and then processing them along with the provided password) is the only realistic route. Regards, Richard -----Original Message----- From: Marvin Addison [mailto:[email protected]] Sent: 14 July 2014 15:32 To: [email protected] Subject: Re: [cas-user] Using SHA512 > I'll look at the documentation again to try and work out the best/simplest > approach. Can you briefly describe how you store the salt in your database? There's a quasi-standard for LDAP directories, SSHA, but nothing equivalent that I'm aware of in the database world. The challenge for the CAS project will be shipping a component that has the right configuration knobs, but we don't have good use cases from which to design those knobs at present. Your input will help in that regard. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
