Yes, for now it is only the appended part which is blocking. But I could 
also imagine other algorithms that are not supported now, think about 
pepper or adding the salt every iteration. In my opinion it would be great 
to add the possibility to choose your hash class, just like you select your 
password encoder for example. But if I am really the only one with this 
problem, then this might be overkill.

And in addition I wondered why this relatively simple hashing is delegated 
to Apache Shiro while you can write it yourself with only the 
java.security.MessageDigest dependency in almost the same amount of lines. 
The 'default' MessageDigest also supports all the algorithms. IMO this 
would simplify the code quite a lot. (This is how I fixed it for myself 
now).

On Wednesday, 20 September 2017 14:47:55 UTC+2, Misagh Moayyed wrote:
>
> Hi Cas Community,
>
>
> I am trying to set up a CAS server with query and encode database 
> authentication handler. In the current application, the encrypted password 
> is calculated with 20 runs of SHA-512 with an APPENDED salt. However since 
> this encoding is delegated to Apache Shiro's DefaultHashService, it is not 
> possible to change this hashing behavior. 
>
> What does the hash service currently not do that you want it to do? It has 
> support for number of iterations, salt and algorithms. Is it just the 
> "appended salt" behavior that you can't have? 
>
>
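
The salt-ordering issue discussed in this thread, as an added example (not CAS or Shiro code, and not the poster's own fix): iterated SHA-512 with only `java.security.MessageDigest`, with the salt position selectable. The class and method names are hypothetical, the password and salt are constructed samples, and the chaining of later rounds (each rehashes the previous digest alone) is an assumption about the legacy scheme.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SaltOrderDemo {

    /** Where the salt sits relative to the password in the first round. */
    enum SaltPosition { PREPENDED, APPENDED }

    // Assumed scheme: round 1 hashes password and salt in the chosen order;
    // every later round rehashes the previous digest on its own.
    static byte[] hash(String algorithm, byte[] password, byte[] salt,
                       int iterations, SaltPosition position)
            throws NoSuchAlgorithmException {
        if (iterations < 1) {
            throw new IllegalArgumentException("iterations must be >= 1");
        }
        MessageDigest md = MessageDigest.getInstance(algorithm);
        if (position == SaltPosition.PREPENDED) {
            md.update(salt);
            md.update(password);
        } else {
            md.update(password);
            md.update(salt);
        }
        byte[] digest = md.digest();           // digest() also resets md
        for (int i = 1; i < iterations; i++) {
            digest = md.digest(digest);
        }
        return digest;
    }

    // Compare with MessageDigest.isEqual rather than Arrays.equals so the
    // check does not leak how many leading bytes matched.
    static boolean matches(byte[] stored, byte[] password, byte[] salt,
                           int iterations, SaltPosition position)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                stored, hash("SHA-512", password, salt, iterations, position));
    }

    public static void main(String[] args) throws Exception {
        byte[] pw = "correct horse".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] salt = "a1b2c3d4".getBytes(StandardCharsets.UTF_8);    // constructed
        // Stand-in for a legacy database row: 20 rounds, salt appended.
        byte[] stored = hash("SHA-512", pw, salt, 20, SaltPosition.APPENDED);
        System.out.println("appended : " + matches(stored, pw, salt, 20, SaltPosition.APPENDED));
        System.out.println("prepended: " + matches(stored, pw, salt, 20, SaltPosition.PREPENDED));
    }
}
```

The same password, salt and iteration count verify only when the salt order matches the one used at enrolment, which is why a fixed-order hash service cannot validate hashes created with the other layout.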
