Hi --

We are having difficulty because the UTF-8 encoding has changed between Java
1.6 releases.  In particular, we are running 1.6.0_10 and find that
passwords are encoded to UTF-8 format differently than in 1.6.0_24.  Here is
some official documentation describing it:

http://www.oracle.com/technetwork/java/javase/6u11-139394.html

My understanding is that Shiro relies on the UTF-8 format being "standard"
and reproducible.  Interestingly, Sun also made a change to the UTF-8 format
in Java 1.5.

In Shiro, the password is entered as a String and then converted to UTF-8
format before hashing.  As you can imagine, I'm having a lot of trouble
trying to figure out how to migrate old passwords to a new format!!  But, I
wanted to make you aware of this issue -- perhaps, Shiro should encode using
UTF-32 format instead since that format truly can't change.

Dan


--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/UTF-8-password-encoding-issue-with-Java-1-6-releases-tp6308011p6308011.html
Sent from the Shiro User mailing list archive at Nabble.com.
