Okay, if I have stored my password in my DB with SHA256 encryption, can
the credential handler declared in the realm work if it is declared
with SHA512?

As far as I know, it must be the same algorithm, salt and iterations for the
hash to be matched perfectly.

Now take my case:

<CredentialHandler className="org.apache.catalina.realm.SecretKeyCredentialHandler"
                   algorithm="PBEWITHMD5ANDTRIPLEDES" />

Okay, this is the credential handler that I am using. In my DB the password is
stored using PBEWITHHMACSHA384ANDAES_256, a completely different algorithm
than the one specified before. So how come, when I put in my user-id and
password on my form-login page, I am not getting an authentication error and
am instead being forwarded to the protected resource?

It should use the algorithm in the CredentialHandler to mutate the
password. Now don't tell me that two different algorithms offer the same
hash.

What is going on here?

Regards
Sreyan Chakravarty
