Hi, I use java.security.MessageDigest in a simple class converting a string (password) to a hashed string using SHA. If SHA becomes too weak, I could easily change to better algos.
Stefan Bachert http://gwtworld.de On 11 Jul., 12:49, sbrombo <[email protected]> wrote: > Hi everyone, > > I'm looking for a good way to store user passwords and have found two > potential solutions. > > - jBCrypt (Blowfish), as suggested in the LoginSecurityFAQ by Reinier > of the GWT-incubator project, and > - jasypt (SHA), found googling. > > Both are mentioned in a very old discussion (2008) about the > LoginSecurityFAQ on this group. > Since some time has passed, I would like to hear your opinions and > experiences with either as I have not found thorough reviews written > by security experts. > > Regards, > M. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
