Hi,

These links might be useful:

https://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html
https://pythonhosted.org/passlib/modular_crypt_format.html

I think using the MCF format is a good idea as it means the passwords can be automatically re-encrypted later if you change the algorithm.

Cheers,
Stuart

On Fri, Sep 18, 2015 at 10:34 AM, Oncle Zebulon <[email protected]> wrote:

> Hi everybody,
>
> Just a little question: what is the best way to store hash/salt in a database?
> A user table with
> - hash and salt columns and then use HashedCredentialsMatcher (for example)
> OR
> - password column and then use PasswordMatcher (pass generated by the hasher tool)
> - something else...
>
> salt must be hashed too
>
> BTW, I notice that when I use the hasher tool
> java -jar shiro-tools-hasher-1.2.4-cli.jar -p -s mySalt -ngs -i 200000 -a SHA-512
> and then I "copy/paste" the hashed salt and the hashed password into the
> salt and hash columns, the login failed. It works well only if I copy/paste
> the salt in plaintext (mySalt in the example)... It means that to work, I
> must reuse the tool with the hashed salt. Then putting the hashed salt of
> the first step in the salt column and the hashed password of the second step
> into the hash column, it works! Strange...?
>
> Regards
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Store-hash-and-salt-in-a-database-tp7580766.html
> Sent from the Shiro User mailing list archive at Nabble.com.
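
The following is an added example, not part of the original thread and not Shiro's or passlib's code: it keeps algorithm, iteration count, salt and digest in one MCF-style string (the single password column option) and re-hashes on a successful login when the stored iteration count is below current policy. The scheme identifier `example-pbkdf2-sha512`, the function names and the choice of PBKDF2-HMAC-SHA512 are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "example-pbkdf2-sha512"  # constructed identifier, not a registered MCF scheme
CURRENT_ITERATIONS = 200_000      # current policy; raise it over time


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Return one self-describing value: $scheme$iterations$salt$digest."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return f"${SCHEME}${iterations}${_b64(salt)}${_b64(digest)}"


def parse(stored: str):
    """Split a stored value into (scheme, iterations, salt bytes, digest bytes)."""
    parts = stored.split("$")  # Base64 never contains '$', so the split is safe
    if len(parts) != 5 or parts[0] != "" or parts[1] != SCHEME:
        raise ValueError("unrecognised hash format")
    # The salt is stored Base64-encoded and decoded back to raw bytes here;
    # hashing with the encoded text instead would give a different digest.
    return parts[1], int(parts[2]), base64.b64decode(parts[3]), base64.b64decode(parts[4])


def verify(password: str, stored: str) -> bool:
    """Recompute with the parameters embedded in the stored value."""
    _, iterations, salt, expected = parse(stored)
    actual = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def needs_rehash(stored: str) -> bool:
    """True when the stored parameters are weaker than current policy."""
    return parse(stored)[1] < CURRENT_ITERATIONS


def login(password: str, stored: str):
    """Return (authenticated, value to write back to the password column)."""
    if not verify(password, stored):
        return False, stored
    if needs_rehash(stored):
        # The plaintext is only available at login, so upgrade here.
        return True, hash_password(password)
    return True, stored
```

Because the parameters travel with each stored value, rows hashed under an older policy keep verifying and are upgraded one by one as users log in.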
