DefaultHasher does not generate random salt
-------------------------------------------
Key: SHIRO-302
URL: https://issues.apache.org/jira/browse/SHIRO-302
Project: Shiro
Issue Type: Bug
Components: Cryptography & Hashing
Reporter: Maria Jurcovicova
Attachments: patch-defaulthasher.patch
Extract from DefaultHasher javadoc: When a salt is not specified in a request,
this implementation generates secure random salts via its {@link
#setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator)
randomNumberGenerator} property.
Random salt is generated, but never assigned (line 155):
if (publicSaltBytes == null) {
getRandomNumberGenerator().nextBytes().getBytes();
}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
