bmarwell commented on code in PR #2327:
URL: https://github.com/apache/shiro/pull/2327#discussion_r2462720845
##########
tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java:
##########
@@ -70,7 +70,7 @@ public final class Hasher {
private static final Logger LOG = LoggerFactory.getLogger(Hasher.class);
private static final String HEX_PREFIX = "0x";
- private static final String DEFAULT_ALGORITHM_NAME = "MD5";
+ private static final String DEFAULT_ALGORITHM_NAME = "SHA-256";
Review Comment:
We need to document this on shiro-site.
##########
crypto/support/hashes/bcrypt/src/main/java/org/apache/shiro/crypto/support/hashes/bcrypt/BCryptHash.java:
##########
@@ -166,7 +176,7 @@ public String formatToCryptString() {
String dataBase64 = new String(bsdBase64.encode(this.getBytes()),
StandardCharsets.ISO_8859_1);
return new StringJoiner("$", "$", "")
- .add(this.getAlgorithmName())
+ .add(getBcryptVersion(this.getAlgorithmName()))
Review Comment:
You renamed version to `algorithmName` in line 64, but here you use version
again. While "version" is probably the technically correct term, I like
"algorithmName" a bit better. Can we (should we) align this? Or am I confusing
something?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
