On 21/06/2012 11:17, Jesse van Bekkum wrote:
Just to make you guys aware, have a look at this library jasypt (http://www.jasypt.org/).
It provides all the things mentioned in the articles, such as hashing,
salting and iteration out of the box.
Thanks for pointing this out, Jesse: I've updated SYNCOPE-100 with this.
Regards.
On Thu, Jun 21, 2012 at 10:54 AM, Francesco Chicchiriccò <[email protected]> wrote:
On 21/06/2012 09:23, Bob Lannoy wrote:
Hi guys,
Some reading material:
https://www.owasp.org/index.php/Hashing_Java
http://jerryorr.blogspot.be/2012/05/secure-password-storage-lots-of-donts.html
http://throwingfire.com/storing-passwords-securely/
Nice insight: I'll add this to the roadmap.
Another remark, I find it strange that when reading a user object I can get
the password. Wouldn't it make more sense to let this inside core?
Don't worry: the password you will get is encrypted with the selected
algorithm.
Regards.
--
Francesco Chicchiriccò
ASF Member, Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/