bcrypt is very easy and very secure.

Spring has a simple-to-use abstraction on top of it.

e.g.


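import org.springframework.security.crypto.bcrypt.BCrypt;

// LOG_ROUNDS is the bcrypt cost (log2 of the iteration count); gensalt() accepts 4 to 31
String hashedPassword = BCrypt.hashpw(password, BCrypt.gensalt(LOG_ROUNDS));

// checkpw reads the salt and cost back out of hashedPassword itself
boolean match = BCrypt.checkpw(password, hashedPassword); // match == true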



More details on why bcrypt is your friend.
http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage


bcrypt has a nice built-in salt. See:
http://stackoverflow.com/questions/277044/do-i-need-to-store-the-salt-with-bcrypt



--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/SHA-256-SHA-512-not-secure-enough-for-passwords-tp7580224p7580226.html
Sent from the Shiro User mailing list archive at Nabble.com.
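
Added example, not part of the original message and not Spring or Shiro code: the salt and cost discussed above travel inside the bcrypt hash string, so a stored hash can be inspected and flagged for re-hashing when the cost policy is raised. The class and method names (BcryptHashInspector, parse, needsRehash) and the policy cost values are assumptions, and the sample string is constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: reads the fields of a bcrypt hash string and decides whether
// a stored hash should be re-hashed at a higher cost on the next successful login.
public class BcryptHashInspector {
    // $<version>$<2-digit cost>$<22-char salt><31-char digest>, bcrypt base64 alphabet
    private static final Pattern FORMAT = Pattern.compile(
            "^\\$(2[abxy]?)\\$(\\d{2})\\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$");

    static final class Parsed {
        final String version; final int cost; final String salt; final String digest;
        Parsed(String v, int c, String s, String d) { version = v; cost = c; salt = s; digest = d; }
    }

    static Parsed parse(String stored) {
        Matcher m = FORMAT.matcher(stored);
        if (!m.matches()) throw new IllegalArgumentException("not a bcrypt hash string");
        int cost = Integer.parseInt(m.group(2));
        if (cost < 4 || cost > 31) throw new IllegalArgumentException("cost out of range");
        return new Parsed(m.group(1), cost, m.group(3), m.group(4));
    }

    // True when the stored hash was created with fewer rounds than current policy.
    static boolean needsRehash(String stored, int policyCost) {
        return parse(stored).cost < policyCost;
    }

    public static void main(String[] args) {
        // Constructed sample with the right shape; not the hash of any real password.
        String stored = "$2a$10$" + "abcdefghijklmnopqrstuu" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234";
        Parsed p = parse(stored);
        System.out.println("version=" + p.version + " cost=" + p.cost + " salt=" + p.salt);
        System.out.println("rehash at policy cost 12: " + needsRehash(stored, 12));
        System.out.println("rehash at policy cost 10: " + needsRehash(stored, 10));
    }
}
```

Because the salt is the third field of the stored string, the password table needs no separate salt column, and needsRehash can run right after a successful checkpw while the plaintext is still in memory.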
