You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@shiro.apache.org by "bmarwell (via GitHub)" <gi...@apache.org> on 2023/10/16 18:56:32 UTC

Re: [I] [Question] Can shiro 2.0 + use shiro 1 's hash Algorithm, such as "SHA-256" ? [shiro]

bmarwell commented on issue #1022:
URL: https://github.com/apache/shiro/issues/1022#issuecomment-1765098534

   Hey @sam2099!
   
   Side question: @bdemers  I think we talked about an upgrade path two years ago. 
   IIRC we came to the conclusion, that the best thing an application can do is to ask users to generate new passwords (e.g. reset via email), even if they set the same password again.
   
   While it would not hurt to READ old passwords ONCE, we (Shiro) would  not be able if it was still used for storage again. I think this is why support was dropped altogether.
   
   Does that help?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@shiro.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@shiro.apache.org
For additional commands, e-mail: issues-help@shiro.apache.org