Hi,

In a database, along with the hashed password, I am storing the hash algorithm, iterations and salt. Initially I planned to store these in separate columns but have recently come across some of the HashFormat classes (in particular Shiro1CryptFormat and ModularCryptFormat) and am confused on how best to use them.

Originally I planned to return my own AuthenticationInfo (that extended SaltedAuthenticationInfo) with some additional information. But now I am thinking of storing the formatted hash (which includes the algorithm etc.), so I don't think I need my own auth info. Even more, I don't think I need the SaltedAuthenticationInfo, since the salt will just be part of the formatted credentials (in a normal AuthenticationInfo).

So my questions are:

1) If my password hash is formatted (as per Shiro1Crypt or ModularCrypt format), should I return just a simple AuthenticationInfo or a SaltedAuthenticationInfo?
2) Since we may change the algorithm over time, what would be the best db field type/length to store the formatted password hash in? TEXT?

Hope my question makes sense!

Cheers,
Stuart
