drmike01. Sorry for being so late in seeing this. Are you sure???

That would be scary, considering that the hash and the iterations are supposed to make it impossible for a dictionary attack to easily figure out a password of "password". If that is true then there is no reason to even encrypt it at all. The difference between plain text and this encryption would then be just making it not readable to the visible eye. The whole purpose of Shiro's encryption here with SHA-128 or SHA-256 is that dictionary attacks would take a really long time, and that even if they figured one password out, that same "key" won't work on other accounts.

Thanks
Mark

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Encrypted-password-in-db-why-does-it-tell-the-Hash-and-iterations-in-it-tp7578510p7578619.html
Sent from the Shiro User mailing list archive at Nabble.com.
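The stored-password design this message refers to (algorithm name, iteration count and per-account salt kept next to the digest) can be sketched as follows. This is an added example, not part of the original post and not Shiro's own code; the `$shiro1$SHA-256$iterations$salt$digest` layout and the salt-then-rehash iteration scheme are assumptions modelled on Shiro's format, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

MAX_ITERATIONS = 1_000_000  # refuse absurd counts read from an untrusted record

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")

def _digest(password: str, salt: bytes, iterations: int) -> bytes:
    # Assumed scheme: round 1 hashes salt + password, later rounds re-hash the digest.
    out = hashlib.sha256(salt + password.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        out = hashlib.sha256(out).digest()
    return out

def make_record(password: str, iterations: int = 50_000, salt: bytes = b"") -> str:
    salt = salt or os.urandom(16)  # fresh random salt per account
    digest = _digest(password, salt, iterations)
    return f"$shiro1$SHA-256${iterations}${_b64(salt)}${_b64(digest)}"

def verify(password: str, record: str) -> bool:
    # The algorithm, iteration count and salt are parameters, not secrets:
    # the verifier needs them to recompute the digest.
    parts = record.split("$")
    if len(parts) != 6 or parts[:3] != ["", "shiro1", "SHA-256"]:
        return False
    try:
        iterations = int(parts[3])
        salt = base64.b64decode(parts[4], validate=True)
        stored = base64.b64decode(parts[5], validate=True)
    except ValueError:
        return False
    if not 1 <= iterations <= MAX_ITERATIONS:
        return False
    return hmac.compare_digest(_digest(password, salt, iterations), stored)

if __name__ == "__main__":
    alice = make_record("password")  # constructed sample accounts
    bob = make_record("password")
    print(alice, bob, sep="\n")
    print("same password, same record?", alice == bob)
    print("verify:", verify("password", alice), verify("letmein", alice))
```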
