You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (Resolved) (JIRA)" <ji...@apache.org> on 2011/12/13 02:39:31 UTC
[jira] [Resolved] (SHIRO-213) Password and hash management
[ https://issues.apache.org/jira/browse/SHIRO-213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood resolved SHIRO-213.
---------------------------------
Resolution: Fixed
Fix Version/s: 1.2.0
Implemented as part of SHIRO-280
> Password and hash management
> ----------------------------
>
> Key: SHIRO-213
> URL: https://issues.apache.org/jira/browse/SHIRO-213
> Project: Shiro
> Issue Type: New Feature
> Reporter: Alan Cabrera
> Assignee: Les Hazlewood
> Fix For: 1.2.0
>
>
> Sometimes secure hashes are long lived. I usually will hash something but prefix the string to be hashed with a secret password; I will usually add a bit of salt too. Often I will need to change the password to that hash on a periodic basis. Sometimes I find out that a particular hash algorithm is no longer secure and need to change my hash. What do I do with the old hashes? How can I tell them apart from the new ones?
> What I do is store the hashes as tuples which contain enough information my code to figure out what hash to use. All of this applies to encryption as well.
> I'm wondering is if we should provide some kind of manager to manage all this.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira