You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Maria Jurcovicova (JIRA)" <ji...@apache.org> on 2011/06/03 12:17:47 UTC

[jira] [Created] (SHIRO-302) DefaultHasher does not generate random salt

DefaultHasher does not generate random salt
-------------------------------------------

                 Key: SHIRO-302
                 URL: https://issues.apache.org/jira/browse/SHIRO-302
             Project: Shiro
          Issue Type: Bug
          Components: Cryptography & Hashing
            Reporter: Maria Jurcovicova
         Attachments: patch-defaulthasher.patch

Extract from DefaultHasher javadoc: When a salt is not specified in a request, this implementation generates secure random salts via its {@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} property.

Random salt is generated, but never assigned (line 155):
        if (publicSaltBytes == null) {
            getRandomNumberGenerator().nextBytes().getBytes();
        }


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (SHIRO-302) DefaultHasher does not generate random salt

Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SHIRO-302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kalle Korhonen resolved SHIRO-302.
----------------------------------

       Resolution: Fixed
    Fix Version/s: 1.2.0

Applied, thanks!

> DefaultHasher does not generate random salt
> -------------------------------------------
>
>                 Key: SHIRO-302
>                 URL: https://issues.apache.org/jira/browse/SHIRO-302
>             Project: Shiro
>          Issue Type: Bug
>          Components: Cryptography & Hashing
>            Reporter: Maria Jurcovicova
>            Assignee: Kalle Korhonen
>             Fix For: 1.2.0
>
>         Attachments: patch-defaulthasher.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> Extract from DefaultHasher javadoc: When a salt is not specified in a request, this implementation generates secure random salts via its {@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} property.
> Random salt is generated, but never assigned (line 155):
>         if (publicSaltBytes == null) {
>             getRandomNumberGenerator().nextBytes().getBytes();
>         }

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (SHIRO-302) DefaultHasher does not generate random salt

Posted by "Maria Jurcovicova (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SHIRO-302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maria Jurcovicova updated SHIRO-302:
------------------------------------

    Attachment: patch-defaulthasher.patch

Attached patch assignes generated salt to the variable:
        if (publicSaltBytes == null) {
        	publicSaltBytes = getRandomNumberGenerator().nextBytes().getBytes();
        }

It adds unit test too.

> DefaultHasher does not generate random salt
> -------------------------------------------
>
>                 Key: SHIRO-302
>                 URL: https://issues.apache.org/jira/browse/SHIRO-302
>             Project: Shiro
>          Issue Type: Bug
>          Components: Cryptography & Hashing
>            Reporter: Maria Jurcovicova
>         Attachments: patch-defaulthasher.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> Extract from DefaultHasher javadoc: When a salt is not specified in a request, this implementation generates secure random salts via its {@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} property.
> Random salt is generated, but never assigned (line 155):
>         if (publicSaltBytes == null) {
>             getRandomNumberGenerator().nextBytes().getBytes();
>         }

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Closed] (SHIRO-302) DefaultHasher does not generate random salt

Posted by "Les Hazlewood (Closed) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SHIRO-302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood closed SHIRO-302.
-------------------------------


Closing with the 1.2.0 release.
                
> DefaultHasher does not generate random salt
> -------------------------------------------
>
>                 Key: SHIRO-302
>                 URL: https://issues.apache.org/jira/browse/SHIRO-302
>             Project: Shiro
>          Issue Type: Bug
>          Components: Cryptography & Hashing
>            Reporter: Maria Jurcovicova
>            Assignee: Kalle Korhonen
>             Fix For: 1.2.0
>
>         Attachments: patch-defaulthasher.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> Extract from DefaultHasher javadoc: When a salt is not specified in a request, this implementation generates secure random salts via its {@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} property.
> Random salt is generated, but never assigned (line 155):
>         if (publicSaltBytes == null) {
>             getRandomNumberGenerator().nextBytes().getBytes();
>         }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Assigned] (SHIRO-302) DefaultHasher does not generate random salt

Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SHIRO-302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kalle Korhonen reassigned SHIRO-302:
------------------------------------

    Assignee: Kalle Korhonen

> DefaultHasher does not generate random salt
> -------------------------------------------
>
>                 Key: SHIRO-302
>                 URL: https://issues.apache.org/jira/browse/SHIRO-302
>             Project: Shiro
>          Issue Type: Bug
>          Components: Cryptography & Hashing
>            Reporter: Maria Jurcovicova
>            Assignee: Kalle Korhonen
>         Attachments: patch-defaulthasher.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> Extract from DefaultHasher javadoc: When a salt is not specified in a request, this implementation generates secure random salts via its {@link #setRandomNumberGenerator(org.apache.shiro.crypto.RandomNumberGenerator) randomNumberGenerator} property.
> Random salt is generated, but never assigned (line 155):
>         if (publicSaltBytes == null) {
>             getRandomNumberGenerator().nextBytes().getBytes();
>         }

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira