This is an automated email from the ASF dual-hosted git repository.
lprimak pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/shiro-site.git
The following commit(s) were added to refs/heads/main by this push:
new 66db97969 removed older algorithms and updated to reflect what's in
Shiro 2 currently (#249)
66db97969 is described below
commit 66db979696cddcb319701022e3df41e0ce8eda53
Author: Lenny Primak <[email protected]>
AuthorDate: Wed Nov 5 09:59:47 2025 -0600
removed older algorithms and updated to reflect what's in Shiro 2 currently
(#249)
---
src/site/content/command-line-hasher.adoc | 11 +++++++----
src/site/content/java-cryptography-guide.adoc | 7 +------
2 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/src/site/content/command-line-hasher.adoc
b/src/site/content/command-line-hasher.adoc
index 4415afb7f..68a20a16d 100644
--- a/src/site/content/command-line-hasher.adoc
+++ b/src/site/content/command-line-hasher.adoc
@@ -38,7 +38,9 @@ Once you have access to the jar, you can run the following
command:
$ java -jar shiro-tools-hasher-${versions.latestRelease}-cli.jar
----
-This will print all available options for both standard (MD5, SHA1) and more
complex password hashing scenarios.
+This will print all available options for both standard (SHA-256, SHA-256) and
more complex password hashing scenarios.
+
+NOTE: Older algorithms such as MD5 and SHA-1 are no longer available since
Shiro 2.0+ due to security concerns.
[#CommandLineHasher-CommonScenarios]
== Common Scenarios
@@ -90,10 +92,10 @@ iniRealm.credentialsMatcher = $passwordMatcher
...
----
-[#CommandLineHasher-MD5checksum]
-=== MD5 checksum
+[#CommandLineHasher-SHAchecksum]
+=== SHA-256 checksum
-Although you can perform any hash with any algorithm supported on the JVM, the
default hashing algorithm is MD5, common for file checksums. Just use the
`**-r**` (or `--resource`) option to indicate the following value is a resource
location (and not text you wish hashed):
+Although you can perform any hash with any algorithm supported on the JVM, the
default hashing algorithm is SHA-256, common for file checksums. Just use the
`**-r**` (or `--resource`) option to indicate the following value is a resource
location (and not text you wish hashed):
[source,bash]
----
@@ -109,6 +111,7 @@ Some examples:
<command> -r fileInCurrentDirectory.txt
<command> -r ../../relativePathFile.xml
<command> -r ~/documents/myfile.pdf
+<command> -r ~/documents/myfile.pdf -a SHA-512
<command> -r /usr/local/logs/absolutePathFile.log
<command> -r url:http://foo.com/page.html <command> -r
classpath:/WEB-INF/lib/something.jar
----
diff --git a/src/site/content/java-cryptography-guide.adoc
b/src/site/content/java-cryptography-guide.adoc
index 5f11899ed..51e92f8c7 100644
--- a/src/site/content/java-cryptography-guide.adoc
+++ b/src/site/content/java-cryptography-guide.adoc
@@ -78,13 +78,8 @@ public interface Hash {
=== Examples of how to use Hashes in your code
[source,java]
+.Note: MD5 is no longer considered secure and has been deprecated since Shiro
2.0. Use SHA-256 or stronger algorithms for secure hashing.
----
-//some examples:
-new Md5Hash("foo").toHex();
-
-//File MD5 Hash value for checksum:
-new MD5Hash( aFile ).toHex();
-
//store a password, but not raw:
new Sha256(aPassword, salt, 1024).toBase64();
----
