Hi Jakub, Can you not use BCryptProvider to accomplish this? If I am not understanding your issue, can you provide a code sample?
Thank you! > On May 16, 2023, at 6:32 AM, Jakub Herkel <jher...@gmail.com> wrote: > > Hi, > > I tried an upcoming version of apache shiro (alpha 2) under Karaf and > I have some questions: > 1) We configure our application security with one config file (Shiro, > internal configuration) where we also want to setup a hash provider > and its configuration. But I don't see any way how I can setup cost > for bcrypt or parameter for argon2id if I want to use > DefaultPasswordService and DefaultHashService. Is there any way how to > do it? > 2) We would like to "upgrade" the hash if the hash provider was > changed (for example change bcrypt cost from 12 to 13). So when a user > is authorized we can also check if a new algorithm and an old > algorithm are the same. If they are, we will save a new computed hash. > But I don't know how to get an algorithm setup from the hash because > BCryptHash class isn't public. > > I appreciate for every advice you can give.
