Hi Benjamin,

I will take a look at your PR soon.

regards,

François
fpa...@apache.org

On 07/01/2021 at 09:19, Benjamin Marwell wrote:
> Hi everyone,
>
> argon2 and bcrypt are now implemented via the new default Shiro2 format.
> It is fully backwards compatible with the Shiro1 crypt format.
> Current PR:
> https://github.com/apache/shiro/pull/273
>
> I would need a second look at the only failing test:
> DefaultPasswordService.testStringComparisonWhenNotUsingAParsableHashFormat
> I am not sure yet if it actually makes sense.
> Maybe we can just deprecate or even remove the non-KDF formats?
>
> On Tue, 5 Jan 2021 at 15:09, Francois Papon <
> francois.pa...@openobject.fr> wrote:
>
>> Hi Benjamin,
>>
>> I like the idea of a new Shiro2 CryptFormat with parameters.
>>
>> About the bcrypt or OpenBSD-Bcrypt-Base64, I think we can drop some old
>> crypt formats, so I agree to ditch them.
>>
>> regards,
>>
>> François
>> fpa...@apache.org
>>
>> On 04/01/2021 at 15:33, Benjamin Marwell wrote:
>>> Hi everyone!
>>>
>>> There’s a new draft PR [1] for SHIRO-290 [2] which enables
>>> argon2, scrypt (tbd), bcrypt.
>>>
>>> I need a design decision here before I can continue.
>>> I would like to introduce a Shiro2 CryptFormat which can hold parameters
>>> other than just the iteration count, and also the version. E.g. argon2
>>> output looks like this:
>>>
>>>
>>>     $argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
>>> (which is: format-id, version, parameters, hash, salt)
>>>
>>> scrypt:
>>>     $7$C6..../....testsalt$8iWefERUpfDgs0B1s2CCn0flMHOLqzCNVMn0AwxoEM8
>>> (which is: format-id logN r p salt key)
>>>
>>> bcrypt:
>>>     $2y$10$7rOjsAf2U/AKKqpMpCIn6e$tuOXyQ86tp2Tn9xv6FyXl2T0QYc3.G.
>>> (which is: format-id, iterations, 22 chars Radix64 salt + rest radix64 data)
>>> … where Radix64 = OpenBSD-BCrypt-Base64.
>>>
>>> The current PR uses the shiro1 crypt format, which will also split up
>>> bcrypt salt + hash using a '$', but will still retain the Radix64
>>> implementation.
>>>
>>> Questions from the PR:
>>> 1.) Introduce a new Shiro2 Crypt Format to better support parameters?
>>>      What would it look like? (PS: Please do not say \n-separated JSON aka
>>> JSON-lines)
>>> 2.) ditch bcrypt so we can also ditch the special OpenBSD-Bcrypt-Base64?
>>> 3.) API changes – are they okay the way they are?
>>>
>>> Rest see PR.
>>>
>>> Thanks!
>>> Ben
>>>
>>>
>>> [1]: https://github.com/apache/shiro/pull/273
>>> [2]: https://issues.apache.org/jira/browse/SHIRO-290
>>>

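A parser for the three crypt strings quoted in the thread, added here as an illustration and not code from the PR or from Shiro. It pulls the format id, version, cost parameters, salt and hash out of each layout, which shows concretely why the three disagree: argon2 keeps everything in '$'-separated fields (salt before hash, as the PHC string format defines it), the $7$ scrypt form packs logN, r, p and the salt into one fixed-width field, and bcrypt fuses a 22-character salt and a 31-character hash in its own Radix-64 alphabet. The bcrypt parser accepts both the standard fused layout and the '$'-split layout the PR produces, and anything unrecognised raises ValueError, which is the situation the failing "not a parsable hash format" test is about. The sample strings are the ones from the thread; the fused bcrypt string is constructed by joining the thread's salt and hash. The `CryptString` class, the helper names and the parameter names are assumptions made for this example.

```python
"""Parser for the argon2, scrypt ($7$) and bcrypt crypt strings quoted above.

Added example, not code from the Shiro PR: CryptString, the helper names and
the parameter names are assumptions made for this illustration.
"""
import base64
from dataclasses import dataclass
from typing import Dict, List, Optional

# crypt(3) "hash64" alphabet; $7$ scrypt encodes logN, r and p with it.
CRYPT64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# OpenBSD bcrypt Radix-64: the same 64 symbols in a different order, no padding.
BCRYPT64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


@dataclass
class CryptString:
    algorithm: str           # format id after the leading '$'
    version: Optional[int]   # argon2 "v=19"; the other formats carry none
    params: Dict[str, int]   # cost parameters under their conventional names
    salt: bytes              # decoded salt
    hash: str                # hash as encoded in the string


def crypt64_int(text: str) -> int:
    """Decode a little-endian integer written in the crypt(3) alphabet."""
    value = 0
    for i, ch in enumerate(text):
        value |= CRYPT64.index(ch) << (6 * i)   # raises ValueError on bad chars
    return value


def b64_nopad(text: str) -> bytes:
    """Standard base64 without '=' padding, as PHC strings use for salt/hash."""
    if any(ch not in STD64 for ch in text):
        raise ValueError(f"invalid base64 character in {text!r}")
    return base64.b64decode(text + "=" * (-len(text) % 4))


def bcrypt64_decode(text: str) -> bytes:
    """Decode bcrypt Radix-64 by remapping its alphabet onto the standard one."""
    if any(ch not in BCRYPT64 for ch in text):
        raise ValueError(f"invalid bcrypt Radix-64 character in {text!r}")
    return b64_nopad(text.translate(str.maketrans(BCRYPT64, STD64)))


def _parse_argon2(algo: str, rest: List[str]) -> CryptString:
    # PHC layout: [$v=NN] $m=..,t=..,p=.. $salt $hash  (salt comes before hash)
    version = None
    if rest and rest[0].startswith("v="):
        version = int(rest[0][2:])
        rest = rest[1:]
    if len(rest) != 3:
        raise ValueError("argon2: expected parameters, salt and hash")
    params = {k: int(v) for k, v in (kv.split("=", 1) for kv in rest[0].split(","))}
    return CryptString(algo, version, params, b64_nopad(rest[1]), rest[2])


def _parse_scrypt(rest: List[str]) -> CryptString:
    # $7$ packs logN (1 char), r (5 chars), p (5 chars) and the salt into ONE
    # field: fixed-width positions, not '$'-separated like argon2.
    if len(rest) != 2 or len(rest[0]) < 11:
        raise ValueError("scrypt: expected 'logN r p salt' and a key")
    head, key = rest
    params = {"N": 1 << CRYPT64.index(head[0]),
              "r": crypt64_int(head[1:6]),
              "p": crypt64_int(head[6:11])}
    return CryptString("7", None, params, head[11:].encode(), key)


def _parse_bcrypt(algo: str, rest: List[str]) -> CryptString:
    # Standard bcrypt fuses 22 salt chars and 31 hash chars into one field;
    # the Shiro1-style string in the thread splits them with an extra '$'.
    if len(rest) == 2 and len(rest[1]) == 53:
        salt, digest = rest[1][:22], rest[1][22:]
    elif len(rest) == 3 and (len(rest[1]), len(rest[2])) == (22, 31):
        salt, digest = rest[1], rest[2]
    else:
        raise ValueError("bcrypt: expected cost plus 22 salt and 31 hash chars")
    return CryptString(algo, None, {"cost": int(rest[0])},
                       bcrypt64_decode(salt), digest)


def parse_crypt_string(text: str) -> CryptString:
    """Dispatch on the format id; anything unrecognised raises ValueError."""
    if not text.startswith("$"):
        raise ValueError("not a modular crypt string (no leading '$')")
    fields = text.split("$")[1:]
    algo, rest = fields[0], fields[1:]
    if algo in ("argon2i", "argon2d", "argon2id"):
        return _parse_argon2(algo, rest)
    if algo == "7":
        return _parse_scrypt(rest)
    if algo in ("2", "2a", "2b", "2x", "2y"):
        return _parse_bcrypt(algo, rest)
    raise ValueError(f"unknown format id {algo!r}")


def is_parsable(text: str) -> bool:
    """Can this stored value be parsed at all? (binascii.Error is a ValueError)"""
    try:
        parse_crypt_string(text)
        return True
    except ValueError:
        return False


# Sample strings: the three quoted in the thread, plus the bcrypt value in its
# standard fused layout (constructed here by joining the thread's salt and hash).
SAMPLES = {
    "argon2": "$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG",
    "scrypt": "$7$C6..../....testsalt$8iWefERUpfDgs0B1s2CCn0flMHOLqzCNVMn0AwxoEM8",
    "bcrypt_split": "$2y$10$7rOjsAf2U/AKKqpMpCIn6e$tuOXyQ86tp2Tn9xv6FyXl2T0QYc3.G.",
    "bcrypt_fused": "$2y$10$7rOjsAf2U/AKKqpMpCIn6etuOXyQ86tp2Tn9xv6FyXl2T0QYc3.G.",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, parse_crypt_string(value))
    print("plain string parsable?", is_parsable("not-a-hash"))
```

Running it prints the decoded argon2 salt `b'somesalt'` and the scrypt parameters N=16384, r=8, p=1 recovered from the characters `C`, `6....` and `/....`; the two bcrypt spellings parse to identical values, and a plain string is reported as not parsable rather than silently compared. The point for the format discussion is that only argon2's layout can be extended with new parameters without changing the parser, which is the property a Shiro2 format with named parameters would need.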