You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Maria Jurcovicova (JIRA)" <ji...@apache.org> on 2011/06/03 12:17:47 UTC
[jira] [Created] (SHIRO-302) DefaultHasher does not generate random
salt
DefaultHasher does not generate random salt
-------------------------------------------
Key: SHIRO-302
URL: https://issues.apache.org/jira/browse/SHIRO-302
Project: Shiro
Issue Type: Bug
Components: Cryptography & Hashing
Reporter: Maria Jurcovicova
Attachments: patch-defaulthasher.patch
Extract from DefaultHasher javadoc: When a salt is not specified in a request, this implementation generates secure random salts via its {@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} property.
Random salt is generated, but never assigned (line 155):
if (publicSaltBytes == null) {
getRandomNumberGenerator().nextBytes().getBytes();
}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SHIRO-302) DefaultHasher does not generate
random salt
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalle Korhonen resolved SHIRO-302.
----------------------------------
Resolution: Fixed
Fix Version/s: 1.2.0
Applied, thanks!
> DefaultHasher does not generate random salt
> -------------------------------------------
>
> Key: SHIRO-302
> URL: https://issues.apache.org/jira/browse/SHIRO-302
> Project: Shiro
> Issue Type: Bug
> Components: Cryptography & Hashing
> Reporter: Maria Jurcovicova
> Assignee: Kalle Korhonen
> Fix For: 1.2.0
>
> Attachments: patch-defaulthasher.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> Extract from DefaultHasher javadoc: When a salt is not specified in a request, this implementation generates secure random salts via its {@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} property.
> Random salt is generated, but never assigned (line 155):
> if (publicSaltBytes == null) {
> getRandomNumberGenerator().nextBytes().getBytes();
> }
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SHIRO-302) DefaultHasher does not generate random
salt
Posted by "Maria Jurcovicova (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maria Jurcovicova updated SHIRO-302:
------------------------------------
Attachment: patch-defaulthasher.patch
Attached patch assignes generated salt to the variable:
if (publicSaltBytes == null) {
publicSaltBytes = getRandomNumberGenerator().nextBytes().getBytes();
}
It adds unit test too.
> DefaultHasher does not generate random salt
> -------------------------------------------
>
> Key: SHIRO-302
> URL: https://issues.apache.org/jira/browse/SHIRO-302
> Project: Shiro
> Issue Type: Bug
> Components: Cryptography & Hashing
> Reporter: Maria Jurcovicova
> Attachments: patch-defaulthasher.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> Extract from DefaultHasher javadoc: When a salt is not specified in a request, this implementation generates secure random salts via its {@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} property.
> Random salt is generated, but never assigned (line 155):
> if (publicSaltBytes == null) {
> getRandomNumberGenerator().nextBytes().getBytes();
> }
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (SHIRO-302) DefaultHasher does not generate random
salt
Posted by "Les Hazlewood (Closed) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood closed SHIRO-302.
-------------------------------
Closing with the 1.2.0 release.
> DefaultHasher does not generate random salt
> -------------------------------------------
>
> Key: SHIRO-302
> URL: https://issues.apache.org/jira/browse/SHIRO-302
> Project: Shiro
> Issue Type: Bug
> Components: Cryptography & Hashing
> Reporter: Maria Jurcovicova
> Assignee: Kalle Korhonen
> Fix For: 1.2.0
>
> Attachments: patch-defaulthasher.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> Extract from DefaultHasher javadoc: When a salt is not specified in a request, this implementation generates secure random salts via its {@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} property.
> Random salt is generated, but never assigned (line 155):
> if (publicSaltBytes == null) {
> getRandomNumberGenerator().nextBytes().getBytes();
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (SHIRO-302) DefaultHasher does not generate
random salt
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalle Korhonen reassigned SHIRO-302:
------------------------------------
Assignee: Kalle Korhonen
> DefaultHasher does not generate random salt
> -------------------------------------------
>
> Key: SHIRO-302
> URL: https://issues.apache.org/jira/browse/SHIRO-302
> Project: Shiro
> Issue Type: Bug
> Components: Cryptography & Hashing
> Reporter: Maria Jurcovicova
> Assignee: Kalle Korhonen
> Attachments: patch-defaulthasher.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> Extract from DefaultHasher javadoc: When a salt is not specified in a request, this implementation generates secure random salts via its {@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} property.
> Random salt is generated, but never assigned (line 155):
> if (publicSaltBytes == null) {
> getRandomNumberGenerator().nextBytes().getBytes();
> }
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira