it does, http://shiro.apache.org/cryptography-features.html
On 17 September 2014 13:11, Konrad Zuse <[email protected]> wrote: > Thanks so it will work with Shiro? I'm surprised shiro doesn't have > nything for this... > > > Date: Wed, 17 Sep 2014 01:16:49 -0700 > > From: [email protected] > > To: [email protected] > > Subject: Re: SHA-256/SHA-512 not secure enough for passwords? > > > > bcrypt is very easy and very secure. > > > > Spring has a simple to use abstraction on top of it. > > > > eg. > > > > > > *import static org.springframework.security.crypto.bcrypt.BCrypt > > > > String hashedPassword = BCrypt.hashpw(password, > BCrypt.gensalt(LOG_ROUNDS)); > > > > boolean match = BCrypt.checkpw(password, hashedPassword); // match == > true* > > > > > > > > More details on why bcrypt is your friend. > > > http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage > > > > > > bcrypt has a nice built in salt. See. > > > http://stackoverflow.com/questions/277044/do-i-need-to-store-the-salt-with-bcrypt > > > > > > > > -- > > View this message in context: > http://shiro-user.582556.n2.nabble.com/SHA-256-SHA-512-not-secure-enough-for-passwords-tp7580224p7580226.html > > Sent from the Shiro User mailing list archive at Nabble.com. >
