This is an automated email from the ASF dual-hosted git repository. lprimak pushed a commit to branch algo-updates in repository https://gitbox.apache.org/repos/asf/shiro-site.git
commit 61f78cc59a02198361dda854c7069dcc6147569e Author: lprimak <[email protected]> AuthorDate: Sat Oct 25 14:23:50 2025 -0500 removed older algorithms and updated to reflect what's in Shiro 2 currently --- src/site/content/command-line-hasher.adoc | 11 +++++++---- src/site/content/java-cryptography-guide.adoc | 7 +------ 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/src/site/content/command-line-hasher.adoc b/src/site/content/command-line-hasher.adoc index 4415afb7f..68a20a16d 100644 --- a/src/site/content/command-line-hasher.adoc +++ b/src/site/content/command-line-hasher.adoc @@ -38,7 +38,9 @@ Once you have access to the jar, you can run the following command: $ java -jar shiro-tools-hasher-${versions.latestRelease}-cli.jar ---- -This will print all available options for both standard (MD5, SHA1) and more complex password hashing scenarios. +This will print all available options for both standard (SHA-256, SHA-256) and more complex password hashing scenarios. + +NOTE: Older algorithms such as MD5 and SHA-1 are no longer available since Shiro 2.0+ due to security concerns. [#CommandLineHasher-CommonScenarios] == Common Scenarios @@ -90,10 +92,10 @@ iniRealm.credentialsMatcher = $passwordMatcher ... ---- -[#CommandLineHasher-MD5checksum] -=== MD5 checksum +[#CommandLineHasher-SHAchecksum] +=== SHA-256 checksum -Although you can perform any hash with any algorithm supported on the JVM, the default hashing algorithm is MD5, common for file checksums. Just use the `**-r**` (or `--resource`) option to indicate the following value is a resource location (and not text you wish hashed): +Although you can perform any hash with any algorithm supported on the JVM, the default hashing algorithm is SHA-256, common for file checksums. Just use the `**-r**` (or `--resource`) option to indicate the following value is a resource location (and not text you wish hashed): [source,bash] ---- 
@@ -109,6 +111,7 @@ Some examples: <command> -r fileInCurrentDirectory.txt <command> -r ../../relativePathFile.xml <command> -r ~/documents/myfile.pdf +<command> -r ~/documents/myfile.pdf -a SHA-512 <command> -r /usr/local/logs/absolutePathFile.log <command> -r url:http://foo.com/page.html <command> -r classpath:/WEB-INF/lib/something.jar ---- diff --git a/src/site/content/java-cryptography-guide.adoc b/src/site/content/java-cryptography-guide.adoc index 5f11899ed..51e92f8c7 100644 --- a/src/site/content/java-cryptography-guide.adoc +++ b/src/site/content/java-cryptography-guide.adoc @@ -78,13 +78,8 @@ public interface Hash { === Examples of how to use Hashes in your code [source,java] +.Note: MD5 is no longer considered secure and has been deprecated since Shiro 2.0. Use SHA-256 or stronger algorithms for secure hashing. ---- -//some examples: -new Md5Hash("foo").toHex(); - -//File MD5 Hash value for checksum: -new MD5Hash( aFile ).toHex(); - //store a password, but not raw: new Sha256(aPassword, salt, 1024).toBase64(); ----
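Review bot: In the first hunk of command-line-hasher.adoc (@@ -38,7 +38,9), the replacement sentence lists the same algorithm twice: "standard (SHA-256, SHA-256)". The second entry was presumably meant to be a different algorithm, for example SHA-512, which the example added later in this patch uses. The added NOTE also says "since Shiro 2.0+", where "since" and "+" express the same thing; "since Shiro 2.0" or "in Shiro 2.0+" reads more cleanly.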
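Review bot: In the @@ -90,10 +92,10 hunk of command-line-hasher.adoc, renaming the anchor from CommandLineHasher-MD5checksum to CommandLineHasher-SHAchecksum breaks any existing link that targets the old fragment. Consider keeping the old id as an additional anchor. The new id says "SHA" while the heading says "SHA-256", so naming the anchor after the heading would be more consistent. The paragraph now states that the default hashing algorithm is SHA-256. Please confirm this matches the tool's actual default, since the doc change alone does not show it.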
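Review bot: In the @@ -109,6 +111,7 hunk, the new example line uses -a SHA-512, but the paragraph introducing this list (visible in the previous hunk) only explains -r. Add a short phrase saying that -a selects the algorithm, or point to where the option is described. The new line also repeats the path from the line above it (~/documents/myfile.pdf); a distinct file name would make it clearer that this is a separate example and not a continuation.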
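Review bot: In java-cryptography-guide.adoc (@@ -78,13 +78,8), the added line beginning ".Note:" sits between [source,java] and the ---- delimiter, where AsciiDoc treats a leading dot as a block title. It will therefore render as the listing's caption and not as an admonition. Move it above [source,java] as a NOTE: paragraph, matching the form used in command-line-hasher.adoc. The wording also conflicts with that file: here MD5 "has been deprecated since Shiro 2.0", there MD5 and SHA-1 "are no longer available"; pick one statement. The hunk removes the file checksum example without adding a SHA-256 equivalent. The one remaining example calls new Sha256(...), while the removed lines used the Hash suffix (Md5Hash), so the class name is worth checking while this block is being touched.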
