Thanks so it will work with Shiro? I'm surprised shiro doesn't have nything for this...
> Date: Wed, 17 Sep 2014 01:16:49 -0700 > From: [email protected] > To: [email protected] > Subject: Re: SHA-256/SHA-512 not secure enough for passwords? > > bcrypt is very easy and very secure. > > Spring has a simple to use abstraction on top of it. > > eg. > > > *import static org.springframework.security.crypto.bcrypt.BCrypt > > String hashedPassword = BCrypt.hashpw(password, BCrypt.gensalt(LOG_ROUNDS)); > > boolean match = BCrypt.checkpw(password, hashedPassword); // match == true* > > > > More details on why bcrypt is your friend. > http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage > > > bcrypt has a nice built in salt. See. > http://stackoverflow.com/questions/277044/do-i-need-to-store-the-salt-with-bcrypt > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/SHA-256-SHA-512-not-secure-enough-for-passwords-tp7580224p7580226.html > Sent from the Shiro User mailing list archive at Nabble.com.
