You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Olaf <ol...@gmail.com> on 2018/01/26 15:26:48 UTC
hashPassword()?
Hi,
I'm looking for a simple function that'll hash a password, like PHP's
password_hash: http://php.net/manual/en/function.password-hash.php
Does Shiro provide such a function?
I understand Shiro is an entire framework but currently my needs are limited
to a few simple functions.
A matching verifyPassword() would be nice as well. ;)
http://php.net/manual/en/function.password-verify.php
Gr,
Olaf
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: hashPassword()?
Posted by Brian Demers <br...@gmail.com>.
Take a look at the CredentialMatcher:
https://shiro.apache.org/realm.html#Realm-CredentialsMatching
On Fri, Jan 26, 2018 at 10:26 AM, Olaf <ol...@gmail.com> wrote:
> Hi,
>
> I'm looking for a simple function that'll hash a password, like PHP's
> password_hash: http://php.net/manual/en/function.password-hash.php
>
> Does Shiro provide such a function?
> I understand Shiro is an entire framework but currently my needs are
> limited
> to a few simple functions.
>
> A matching verifyPassword() would be nice as well. ;)
> http://php.net/manual/en/function.password-verify.php
>
> Gr,
>
> Olaf
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>
Re: hashPassword()?
Posted by Brian Demers <br...@gmail.com>.
Take a look:
https://github.com/apache/shiro/blob/master/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java
On Mon, Jan 29, 2018 at 8:55 AM, Olaf <ol...@gmail.com> wrote:
> That's the functionality I'm looking for. What's the corresponding Java
> class
> / function?
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>
Re: hashPassword()?
Posted by Olaf <ol...@gmail.com>.
That's the functionality I'm looking for. What's the corresponding Java class
/ function?
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: hashPassword()?
Posted by Björn Raupach <ra...@me.com>.
You can use the Shiro Command Line Hasher.
$ java -jar shiro-tools-hasher-1.3.2-cli.jar -gs -p
It generates somethings like this:
$shiro1$SHA-256$500000$E6PdauzOv8tHCyyUYSxOMQ==$HcTjCPThvdtntrRqxIrkaenilDlyMYBOb0Hb7VUfP5Y=
Shiro uses a so called modular crypto format. Salt, algorithm everything is stored in a single line.
The Credentials Matcher can interpret the modular crypto format.
> On 29. Jan 2018, at 10:28, Olaf <ol...@gmail.com> wrote:
>
> I have, but it doesn't look like a good match.
>
> Users shouldn't have to bother with salts. It should be like:
>
> // String password;
> String hash = hashPassword(password);
>
> bool ok = verifyPassword(password, hash);
>
> It it's not available it might be nice to add it.
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
Re: hashPassword()?
Posted by Olaf <ol...@gmail.com>.
I have, but it doesn't look like a good match.
Users shouldn't have to bother with salts. It should be like:
// String password;
String hash = hashPassword(password);
bool ok = verifyPassword(password, hash);
It it's not available it might be nice to add it.
--
Sent from: http://shiro-user.582556.n2.nabble.com/