MilovdZee commented on a change in pull request #336: URL: https://github.com/apache/tomcat/pull/336#discussion_r467133771
########## File path: java/org/apache/catalina/realm/MessageDigestCredentialHandler.java ########## @@ -32,16 +32,13 @@ /** * This credential handler supports the following forms of stored passwords: * <ul> - * <li><b>encodedCredential</b> - a hex encoded digest of the password digested - * using the configured digest</li> - * <li><b>{MD5}encodedCredential</b> - a Base64 encoded MD5 digest of the - * password</li> - * <li><b>{SHA}encodedCredential</b> - a Base64 encoded SHA1 digest of the - * password</li> - * <li><b>{SSHA}encodedCredential</b> - 20 character salt followed by the salted - * SHA1 digest Base64 encoded</li> - * <li><b>salt$iterationCount$encodedCredential</b> - a hex encoded salt, - * iteration code and a hex encoded credential, each separated by $</li> + * <li><b>encodedCredential</b> - a hex encoded digest of the password digested using the configured digest</li> + * <li><b>{MD5}encodedCredential</b> - a Base64 encoded MD5 digest of the password</li> + * <li><b>{SHA}encodedCredential</b> - a Base64 encoded SHA1 digest of the password</li> + * <li><b>{SSHA}encodedCredential</b> - 20 character SHA1 digest Base64 encoded followed by salt</li> + * <li><b>{SSHA2}encodedCredential</b> - 20 character salt followed by the salted digest Base64 encoded</li> Review comment: Fixed. I started by using SSHA2 but that suggested that it used SHA-2 what is not the case. It could use SHA-2 but it could just as well use SHA-512. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org