Hi, there is one thing: DefaultHasher takes algorithm name as a parameter and then uses an instance of simple hash to hash passwords. It is not possible to supply it with an arbitrary instance of Hash interface implementation.
For example, if BCrypt hashing would be implemented ( https://issues.apache.org/jira/browse/SHIRO-290), it would be impossible to use it with DefaultHasher. As I understand it, BCrypt is now recommended for password hashing. With Regards, Maria Jurcovicova On Fri, Jun 3, 2011 at 7:21 PM, Les Hazlewood <[email protected]> wrote: > Thanks for this Maria and Kalle. > > Just a quick note though - the Hasher stuff I wrote is still in flux - > it's not necessarily scoped out to how it should/could be before being > 'releasable'. Any thoughts or feedback is appreciated! > > Cheers, > > Les > > On Fri, Jun 3, 2011 at 7:52 AM, <[email protected]> wrote: > > Author: kaosko > > Date: Fri Jun 3 14:52:04 2011 > > New Revision: 1131059 > > ... >
