[
https://issues.apache.org/jira/browse/SHIRO-290?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13713799#comment-13713799
]
Les Hazlewood commented on SHIRO-290:
-------------------------------------
As an approach, that'd be fine. But I'm not so sure about jBcrypt itself: when
I looked into its algorithm almost a year ago, it did not appear to implement
the Eksblowfish algorithm correctly (Section 4 in this paper written by the
BCrypt authors: https://www.usenix.org/legacy/event/usenix99/provos/provos.pdf).
One test might be to perform a BCrypt hash on unix and then, using the same
password, attempt the BCrypt hash via jBcrypt - if they two results are
identical, jBcrypt is probably fine, but I'd want to test the algorithm myself.
> Create a BCrypt Hash implementation
> -----------------------------------
>
> Key: SHIRO-290
> URL: https://issues.apache.org/jira/browse/SHIRO-290
> Project: Shiro
> Issue Type: New Feature
> Components: Cryptography & Hashing
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.3.0
>
>
> Enable BCrypt hashing for those that wish to use it. The following code can
> probably be modified and included (it is a BSD license):
> http://www.mindrot.org/projects/jBCrypt/
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
