Hi everybody, Just a little question : what is the best way to store hash/salt in a database ? A user table with - hash and salt columns and then use HashedCredentialsMatcher (for example) OR - password column and then use PasswordMatcher (pass generated by the hasher tool) - something else...
salt must be hashed too BTW, i notice that when i use the hasher tool java -jar shiro-tools-hasher-1.2.4-cli.jar -p -s mySalt -ngs -i 200000 -a SHA-512 and then i "copy/paste" the hashed salt and the hashed password into the salt and hash columns, the login failed. It works well only if i copy/paste the salt in plaintext (mySalt in the example)... It means that to work, i must reused the tool with the hashed salt. Then putting the hashed salt of the first step in the salt colum and the hashed password of the second step into the hash column, it works ! Strange... ? Regards -- View this message in context: http://shiro-user.582556.n2.nabble.com/Store-hash-and-salt-in-a-database-tp7580766.html Sent from the Shiro User mailing list archive at Nabble.com.
