Hi Oncle,

Sorry I meant to paste this link:

https://shiro.apache.org/static/1.2.1/apidocs/org/apache/shiro/crypto/hash/format/Shiro1CryptFormat.html

Cheers,

Stuart

On Fri, Sep 18, 2015 at 10:49 AM, Stuart Broad <[email protected]> wrote:

> Hi,
>
> These links might be useful:
>
> https://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html
>
> https://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html
>
> https://pythonhosted.org/passlib/modular_crypt_format.html
>
> I think using the MCF format is a good idea as it means the passwords can
> be automatically re-encrypted later if you change the algorithm.
>
> Cheers,
>
> Stuart
>
> On Fri, Sep 18, 2015 at 10:34 AM, Oncle Zebulon <[email protected]>
> wrote:
>
>> Hi everybody,
>>
>> Just a little question: what is the best way to store hash/salt in a
>> database?
>> A user table with
>> - hash and salt columns and then use HashedCredentialsMatcher (for
>>   example)
>> OR
>> - password column and then use PasswordMatcher (pass generated by the
>>   hasher tool)
>> - something else...
>>
>> salt must be hashed too
>>
>> BTW, I notice that when I use the hasher tool
>> java -jar shiro-tools-hasher-1.2.4-cli.jar -p -s mySalt -ngs -i 200000 -a SHA-512
>> and then I "copy/paste" the hashed salt and the hashed password into the
>> salt and hash columns, the login failed. It works well only if I
>> copy/paste the salt in plaintext (mySalt in the example)... It means that
>> to work, I must reuse the tool with the hashed salt. Then putting the
>> hashed salt of the first step in the salt column and the hashed password
>> of the second step into the hash column, it works! Strange...?
>>
>> Regards
>>
>> --
>> View this message in context:
>> http://shiro-user.582556.n2.nabble.com/Store-hash-and-salt-in-a-database-tp7580766.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
