Just to make you guys aware, have a look at this library jasypt (http://www.jasypt.org/).
It provides all the things mentioned in the articles, such as hashing, salting and iteration out of the box.

Jesse van Bekkum

On Thu, Jun 21, 2012 at 10:54 AM, Francesco Chicchiriccò <[email protected]> wrote:

> On 21/06/2012 09:23, Bob Lannoy wrote:
>
>> Hi guys,
>>
>> Some reading material:
>> https://www.owasp.org/index.php/Hashing_Java
>> http://jerryorr.blogspot.be/2012/05/secure-password-storage-lots-of-donts.html
>> http://throwingfire.com/storing-passwords-securely/
>
> Nice insight: I'll add this to the roadmap.
>
>> Another remark, I find it strange that when reading a user object I can get
>> the password. Wouldn't it make more sense to let this inside core?
>
> Don't worry: the password you will get is encrypted with the selected
> algorithm.
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> ASF Member, Apache Cocoon PMC and Apache Syncope PPMC Member
> http://people.apache.org/~ilgrosso/
