Another option is to use Shiro’s HashService API, which supports multiple MessageDigest algorithms. There is a CAS PasswordEncoder implementation on top of it (but currently only with static config options for salt and iterations): https://github.com/Unicon/cas-addons/wiki/Configuring%20ShiroHashServicePasswordEncoder
The idea would be to come up with an abstraction API, let’s say DigestConfigurationSource, and implementation(s) that could pull values from a variety of back-end stores, e.g. RDBMS, for algorithm, salt, number of iterations, etc., and wire that into this PE impl (which of course would need to be refactored to use this abstraction, etc.).

Best,
Dmitriy.

On Aug 19, 2014, at 11:36 AM, John Gasper <[email protected]> wrote:

> Hi Jonathan,
>
> I hope all is well at FSU.
>
> I haven't seen any complete DB salted hashing solutions out there. I'm attaching a class (org.apache.directory.studio.ldapbrowser.core.model.password) that I borrowed from the Apache DS project. I basically stripped it down to be a single class that produces the SSHA hashes. I believe the original class has a password verify routine. Using that, this and a JDBC Auth Handler, you (or a dev at FSU) should probably be able to get something working for SSHA512.
>
> Good luck!
>
> On 8/17/14 10:14 PM, Liedy, Jonathan wrote:
>> Hey all,
>>
>> Does anyone have an implementation of pulling a salt from a database and comparing the given encoded password with a database stored password?
>>
>> The latest release of Blackboard uses SHA512 encoded passwords with a dynamically generated salt. The salt, iterations and hash are all in the same table. I'm no java dev, but if someone has a similar implementation they could share, I could probably hack through it.
>>
>> Thanks,
>>
>> Jonathan Liedy
>> Middleware Administrator
>> The Florida State University
>> 2035 East Paul Dirac Drive
>> Sliger, Suite 113
>> Tallahassee, FL 32310
>> [email protected]
>> Voice: (850) 270-7368
>>
>> --
>> You are currently subscribed to [email protected] as: [email protected]
>> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> John Gasper
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
> <Password.java>
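
The per-user verification discussed in this thread, as an added example that is not part of the original messages and is not CAS, Shiro or Blackboard code. `DigestConfigurationSource` is a hypothetical interface following the name proposed above, and the digest layout (salt prepended, digest re-hashed for each further iteration) is an assumption that has to match how the stored hashes were actually produced. It needs Java 16 or later for the record syntax.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;

public class SaltedDigestVerifier {
    // Per-user digest settings, as they would be read from one database row.
    record DigestConfig(String algorithm, byte[] salt, int iterations, byte[] storedHash) {}

    // Hypothetical abstraction named in the thread; a JDBC-backed lookup would implement it.
    interface DigestConfigurationSource {
        DigestConfig lookup(String username); // returns null when the user is unknown
    }

    // Assumed layout: H(salt || password), then the digest re-hashed iterations-1 times.
    static byte[] hash(String algorithm, byte[] salt, int iterations, char[] password)
            throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(salt);
        byte[] out = md.digest(new String(password).getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < iterations; i++) {
            out = md.digest(out); // digest() resets the instance after each call
        }
        return out;
    }

    static boolean verify(DigestConfigurationSource source, String username, char[] password)
            throws GeneralSecurityException {
        DigestConfig cfg = source.lookup(username);
        if (cfg == null || cfg.iterations() < 1) return false; // unknown user or bad row
        byte[] candidate = hash(cfg.algorithm(), cfg.salt(), cfg.iterations(), password);
        // Constant-time comparison, so timing does not reveal how many bytes matched.
        return MessageDigest.isEqual(candidate, cfg.storedHash());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample row standing in for the database table.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Map<String, DigestConfig> rows = Map.of("jdoe", new DigestConfig("SHA-512", salt, 1000,
                hash("SHA-512", salt, 1000, "correct horse".toCharArray())));
        DigestConfigurationSource source = rows::get;
        System.out.println(verify(source, "jdoe", "correct horse".toCharArray()));
        System.out.println(verify(source, "jdoe", "wrong".toCharArray()));
        System.out.println(verify(source, "nobody", "correct horse".toCharArray()));
    }
}
```

Because algorithm, salt and iteration count travel with each row, existing accounts keep verifying when the defaults for new accounts are raised.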
