I was thinking that we should have a CredentialsManager interface that knows about hashing and encryption and performs all of this for end-users. This name is in line with the existing authc 'credential' package. I'd like to avoid creating something like 'PasswordManager' or 'EncryptionManager': the former implies it is limited to passwords only, whereas any credential could technically be hashed/encrypted, and the latter implies its primary purpose is associated with cryptography and/or ciphers.

Also, we already have Hash and CipherService concepts in Shiro (no need for something like Encryptor that I can see) - the CredentialsManager would just sit a level above these and use them both, probably along with a RandomNumberGenerator, and tie all three things together.

Finally, it doesn't make sense to me to have a 'key' attribute forced upon a Hash interface. Hashes have no concept of a 'key' and that shouldn't be reflected in the core interface. I'm also confused as to why the Encrypted interface (and its 'key') would exist, especially when ByteSource already exists.

Just thinking out loud. Thanks for any clarification!

Cheers,
Les
