Hi Stuart,
Thx for reply !
Isn't it dangerous to store the algo and the iteration ? An attacker should
be glad to have those informations !
No?
What do you think about the second part of my mail ? It seams in the
JdbcReam.doGetAuthenticationInfo()
if (salt != null) {
info.setCredentialsSalt(ByteSource.Util.bytes(salt));
}
The salt is well get back from the database but here modified. Do i use well
the tool??
Regards
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Store-hash-and-salt-in-a-database-tp7580766p7580769.html
Sent from the Shiro User mailing list archive at Nabble.com.
