Hello all, I am working on a project that works with another language, and we were originally going to do the upload on their end(before getting into using Shiro) but then I realize that I couldn't use the same algorithms so we would have to make a custom one that would work for both of us (if it would work at all[I'm assuming Shiro can work with custom algorithms or...])?
WE then decided it would be better if I did the upload since I found out the program is standalone from the main one, so I could do it on my own with this other application. I have some examples I have seen, but this one seems to have a lot of info. https://github.com/pires/simple-shiro-web-app/commit/dce2578cb658d2ec05c597b29c0617b2ac5f6023 at the bottom. -#sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher -#sha256Matcher.hashAlgorithmName=SHA-256 -#sha256Matcher.hashIterations=500000 -passwordMatcher = org.apache.shiro.authc.credential.TempFixPasswordMatcher +passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher passwordService = org.apache.shiro.authc.credential.DefaultPasswordService passwordMatcher.passwordService = $passwordService So initially we had to create it on our own, but now there is the default, but how does the matching work? When I initially create the password, like shown here http://shiro.apache.org/command-line-hasher.html How do we use the same hash algorithm for both the creation of the hashed pw, and the verification when a user tries to login (I heard the hash is random each time? but that kind of doens't make too much sense)... So is the password lets say "123" hashed the same for the same configuration we do i.e., +passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher which has the default of apparently SHA-256, 500,000 iteration, and a 16-b salt? So would this mean regardless of what application I am running as long as I use the same configuration it wouldn't matter? I might do this all via my webapplication, but since I am new to it, I believe a buddy told me that I have to learn about rest and such for file uploading and that using a regular client-server desktop application would be easier, but I do not know. Thank you for your time. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Using-shiro-with-multiple-applications-accessing-the-same-hashed-data-in-a-db-general-hashing-questi-tp7580167.html Sent from the Shiro User mailing list archive at Nabble.com.
