Okay, so if I have stored my password in my DB with SHA256 encryption, can the credential handler declared in the realm work if it is declared with SHA512?
As far as I know, it must be the same algorithm, salt and iterations for the hash to be matched perfectly.

Now take my case:

    <CredentialHandler className = "org.apache.catalina.realm.SecretKeyCredentialHandler" algorithm = "PBEWITHMD5ANDTRIPLEDES" />

Okay, this is the credential handler that I am using. In my DB the password is stored using PBEWITHHMACSHA384ANDAES_256, a completely different algorithm than the one specified before.

So how come, when I put in my user ID and password on my form-login page, I am not getting an authentication error and instead I am being forwarded to the protected resource? It should use the algorithm in the CredentialHandler to mutate the password.

Now don't tell me that two different algorithms offer the same hash.

What is going on here?

Regards,
Sreyan Chakravarty