Hi everyone!

There’s a new draft PR [1] for SHIRO-290 [2] which enables
argon2, scrypt (tbd), bcrypt.

I need a design decision here before I can continue.
I would like to introduce a Shiro2 CryptFormat which can hold parameters
other than just the iteration count, and also the version. E.g. argon2
output looks like this:

    $argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
(which is: format-id, version, parameters, hash, salt)

scrypt:
    $7$C6..../....testsalt$8iWefERUpfDgs0B1s2CCn0flMHOLqzCNVMn0AwxoEM8
(which is: format-id logN r p salt key)

bcrypt:
    $2y$10$7rOjsAf2U/AKKqpMpCIn6e$tuOXyQ86tp2Tn9xv6FyXl2T0QYc3.G.
(which is: format-id, iterations, 22 chars Radix64 salt + rest radix64 data)
… where Radix64 = OpenBSD-BCrypt-Base64.

The current PR uses the shiro1 crypt format, which will also split up
bcrypt salt + hash using a '$', but will still retain the Radix64
implementation.

Questions from the PR:
1.) Introduce a new Shiro2 Crypt Format to better support parameters?
     What would it look like? (PS: Please do not say \n-separated JSON aka
JSON-lines)
2.) ditch bcrypt so we can also ditch the special OpenBSD-Bcrypt-Base64?
3.) API changes – are they okay the way they are?

Rest see PR.

Thanks!
Ben


[1]: https://github.com/apache/shiro/pull/273
[2]: https://issues.apache.org/jira/browse/SHIRO-290
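
As an illustration of the parameter problem raised above (an added example, not part of the original message and not code from the Shiro PR): a minimal parser for the argon2 string quoted in the mail, showing the fields a crypt format has to carry besides an iteration count. The class name ParsedCryptString and its fields are hypothetical; the optional v= segment is handled as an assumption about older argon2 strings.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

/** Hypothetical holder for a parsed argon2 crypt string; not a Shiro class. */
public class ParsedCryptString {
    final String formatId;
    final int version;                       // -1 when the string has no v= segment
    final Map<String, Integer> params = new LinkedHashMap<>();
    final byte[] salt;
    final byte[] hash;

    ParsedCryptString(String encoded) {
        // The leading '$' yields an empty first element; real fields start at index 1.
        String[] f = encoded.split("\\$");
        if (f.length < 5 || !f[0].isEmpty() || !f[1].startsWith("argon2")) {
            throw new IllegalArgumentException("not an argon2 crypt string");
        }
        formatId = f[1];
        int i = 2;
        if (f[i].startsWith("v=")) {
            version = Integer.parseInt(f[i++].substring(2));
        } else {
            version = -1;
        }
        // Exactly three segments must remain: parameters, salt, hash.
        if (f.length != i + 3) {
            throw new IllegalArgumentException("unexpected number of segments");
        }
        for (String kv : f[i++].split(",")) {
            String[] p = kv.split("=", 2);
            if (p.length != 2) {
                throw new IllegalArgumentException("bad parameter: " + kv);
            }
            params.put(p[0], Integer.parseInt(p[1]));
        }
        // Standard Base64 alphabet without padding; java.util.Base64 accepts that.
        salt = Base64.getDecoder().decode(f[i++]);
        hash = Base64.getDecoder().decode(f[i]);
    }

    public static void main(String[] args) {
        // Sample input: the argon2 string quoted in the message above.
        ParsedCryptString p = new ParsedCryptString(
            "$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG");
        System.out.println(p.formatId + " v=" + p.version + " " + p.params);
        System.out.println("salt=" + new String(p.salt, StandardCharsets.US_ASCII)
            + " hashBytes=" + p.hash.length);
    }
}
```

The bcrypt and scrypt strings quoted above would need their own decoders, since they use different alphabets and pack their parameters positionally.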
