I think that section is a bit dated (for Shiro 1.1, I would guess). Shiro 1.2 has a PasswordMatcher service that is much simpler to use. The relevant bits from shiro.ini would look something like:

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
# configure the passwordService to use the settings you desire
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
# Finally, set the matcher on a realm that requires password matching for account authentication:
myRealm.credentialsMatcher = $passwordMatcher

By default, this uses a random salt, multiple iterations, and SHA-256, so it's much more robust than what you found, and much simpler to use.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Is-password-hashing-enough-tp7577522p7577523.html
Sent from the Shiro User mailing list archive at Nabble.com.
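
An added example, not part of the original post or of the Shiro project's own code: the configuration above only covers verification at login, so the stored credential has to be produced by the same PasswordService when the account is created. This sketch assumes shiro-core is on the classpath; the class name `PasswordServiceDemo` and the sample password are constructed for illustration.

```java
import org.apache.shiro.authc.credential.DefaultPasswordService;

public class PasswordServiceDemo {
    public static void main(String[] args) {
        // Same class the shiro.ini above wires into the PasswordMatcher.
        DefaultPasswordService passwordService = new DefaultPasswordService();

        // Constructed sample input; in an application this comes from the
        // registration form and is never logged or persisted as-is.
        String submitted = "correct horse battery staple";

        // Account creation: persist only the returned string. It is a
        // self-describing record that carries the algorithm, iteration
        // count and salt alongside the digest, so no separate salt column
        // is needed.
        String stored = passwordService.encryptPassword(submitted);

        // Hashing the same password again yields a different string,
        // because a fresh random salt is generated on every call.
        String storedAgain = passwordService.encryptPassword(submitted);
        System.out.println("stored record:       " + stored);
        System.out.println("same password twice: " + stored.equals(storedAgain));

        // Login: this is the comparison PasswordMatcher delegates to the
        // PasswordService. It re-reads the parameters from the stored
        // record, so both records verify the same plaintext.
        System.out.println("correct vs record 1: "
                + passwordService.passwordsMatch(submitted, stored));
        System.out.println("correct vs record 2: "
                + passwordService.passwordsMatch(submitted, storedAgain));
        System.out.println("wrong password:      "
                + passwordService.passwordsMatch("not the password", stored));
    }
}
```

The realm must return the stored record unchanged as the account's credentials; if the realm hands back a value hashed by some other scheme, the matcher will reject every login.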
