Hi Benjamin,

I like the idea of a new Shiro2 CryptFormat with parameters.
About the bcrypt or OpenBSD-Bcrypt-Base64, I think we can drop some old crypt formats, so I agree to ditch them.

Regards,
François
[email protected]

On 04/01/2021 at 15:33, Benjamin Marwell wrote:
> Hi everyone!
>
> There’s a new draft PR [1] for SHIRO-290 [2] which enables
> argon2, scrypt (tbd), bcrypt.
>
> I need a design decision here before I can continue.
> I would like to introduce a Shiro2 CryptFormat which can hold parameters
> other than just the iteration count, and also the version. E.g. argon2
> output looks like this:
>
>
> $argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
> (which is: format-id, version, parameters, hash, salt)
>
> scrypt:
> $7$C6..../....testsalt$8iWefERUpfDgs0B1s2CCn0flMHOLqzCNVMn0AwxoEM8
> (which is: format-id logN r p salt key)
>
> bcrypt:
> $2y$10$7rOjsAf2U/AKKqpMpCIn6e$tuOXyQ86tp2Tn9xv6FyXl2T0QYc3.G.
> (which is: format-id, iterations, 22 chars Radix64 salt + rest radix64 data)
> … where Radix64 = OpenBSD-BCrypt-Base64.
>
> The current PR uses the shiro1 crypt format, which will also split up
> bcrypt salt + hash using a '$', but will still retain the Radix64
> implementation.
>
> Questions from the PR:
> 1.) Introduce a new Shiro2 Crypt Format to better support parameters?
> What would it look like? (PS: Please do not say \n-separated JSON aka
> JSON-lines)
> 2.) ditch bcrypt so we can also ditch the special OpenBSD-Bcrypt-Base64?
> 3.) API changes – are they okay the way they are?
>
> Rest see PR.
>
> Thanks!
> Ben
>
>
> [1]: https://github.com/apache/shiro/pull/273
> [2]: https://issues.apache.org/jira/browse/SHIRO-290
>
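Added example, not part of the thread and not code from the Shiro PR: a Python parser for the argon2 and bcrypt strings quoted above, showing why a crypt format needs a version and named parameters rather than a single iteration count, and how stored hashes can then be checked against a minimum cost policy. The names `ParsedHash`, `parse` and `below_policy` and the policy floors are hypothetical, and scrypt's packed `$7$` encoding is not handled.

```python
import base64
from dataclasses import dataclass
from typing import Optional

# bcrypt's OpenBSD alphabet ("Radix64") packs bits like standard base64, so a
# character-for-character translation lets the stdlib decoder handle it.
RADIX64 = b"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = bytes.maketrans(RADIX64, STD_B64)

@dataclass
class ParsedHash:
    format_id: str
    version: Optional[int]   # None when the format carries no version field
    params: dict             # named cost parameters, not just an iteration count
    salt: bytes
    digest: bytes

def _b64(text: str, radix64: bool = False) -> bytes:
    raw = text.encode("ascii")
    if radix64:
        raw = raw.translate(_TO_STD)
    return base64.b64decode(raw + b"=" * (-len(raw) % 4))  # restore stripped padding

def parse(encoded: str) -> ParsedHash:
    fields = encoded.split("$")[1:]  # the leading "$" yields an empty first field
    fmt = fields[0]
    if fmt.startswith("argon2") and len(fields) == 5:
        version, params, salt, digest = fields[1:]
        if not version.startswith("v="):
            raise ValueError("argon2 string without version field")
        named = {k: int(v) for k, v in (p.split("=", 1) for p in params.split(","))}
        # Assumption: salt precedes the hash, as in argon2's reference encoding.
        return ParsedHash(fmt, int(version[2:]), named, _b64(salt), _b64(digest))
    if fmt in ("2a", "2b", "2y") and len(fields) == 4:
        cost, salt, digest = fields[1:]  # "$" between salt and hash, as quoted
        return ParsedHash(fmt, None, {"cost": int(cost)},
                          _b64(salt, True), _b64(digest, True))
    raise ValueError("unsupported or malformed crypt string")

def below_policy(parsed: ParsedHash, minimum: dict) -> list:
    """Names of parameters weaker than `minimum` (hypothetical policy floor)."""
    return sorted(k for k, floor in minimum.items() if parsed.params.get(k, 0) < floor)

# Sample strings are the ones quoted in the mail; policy floors are constructed.
ARGON2 = "$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG"
BCRYPT = "$2y$10$7rOjsAf2U/AKKqpMpCIn6e$tuOXyQ86tp2Tn9xv6FyXl2T0QYc3.G."
```

Calling `below_policy(parse(stored), floor)` on login is one way to decide whether a record should be rehashed with stronger parameters.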
