So, I was thinking that for my user in my database that the password would just be the encrypted password. However, looking in the database it has $Shiro$<encryptionType>$<numberOfIterations>$<encryptedpassword>
Where it is explicit in the type and number of Iterations. I would think that information as well as the salt would need to be stored somewhere else and not right there with the password. I would think if someone got the data from the database knowing that knowledge they could decrypt the passwords much easier. Thanks Mark -- View this message in context: http://shiro-user.582556.n2.nabble.com/Encrypted-password-in-db-why-does-it-tell-the-Hash-and-iterations-in-it-tp7578510.html Sent from the Shiro User mailing list archive at Nabble.com.
