Following on with the MD5 + salt advice, the Jasypt project (http://www.jasypt.org/) looks to be the way I'd go if I needed to do this.
See http://www.jasypt.org/howtoencryptuserpasswords.html for a recap of what's been discussed here. /Gwyn On 04/12/2007, John Krasnay <[EMAIL PROTECTED]> wrote: > On Tue, Dec 04, 2007 at 03:41:03PM +0100, Sebastiaan van Erk wrote: > > > > My original point was that MD5 hash plus salt is adequate in most use > > cases; and I still stand by that. If you're developing a high profile > > site, then I STRONGLY suggest you hire a security expert to audit your > > entire site: security policy, operating procedures, and systems. > > Agreed on both points. > > jk > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Download Wicket 1.3.0-rc1 now! - http://wicketframework.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
