>An example hash is: 4d8d39a8283a53aeb51061457edc32c6a8e5404864b7571bf7b33d2c3bd5c580869ac1635be0d8ee57581f28b8aa9799729244852eb7aa010e7ac7b1cd69638f > > And an example salt is: > 91f3c641110b2ded640c418046b3cb5af257da06ca98f192085cb10c7443e5e9
I think hex encoding is common and safe to assume generally. Just to clarify, these values are stored in separate columns in the same table? I would hope that's common and a safe assumption. Supporting values across separate tables is possible, but it's hopefully an edge case we could ignore. > I also have to be able to specify the number of iterations, of course, which > is another issue! That's a common input for salted hashing, so that would be an anticipated configuration point. The only concern you didn't address is whether the salt is the first input to the digest or the last; I have seen both approaches used in practice. I find it strange that there is no standard or guidance on the matter despite having researched it fairly extensively. It looks like it's simply an arbitrary choice and the CAS component would have to support both approaches. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
