hashPassword()?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

hashPassword()?

Olaf
Hi,

I'm looking for a simple function that'll hash a password, like PHP's
password_hash: http://php.net/manual/en/function.password-hash.php

Does Shiro provide such a function?
I understand Shiro is an entire framework but currently my needs are limited
to a few simple functions.

A matching verifyPassword() would be nice as well. ;)
http://php.net/manual/en/function.password-verify.php

Gr,

Olaf



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: hashPassword()?

Brian Demers

On Fri, Jan 26, 2018 at 10:26 AM, Olaf <[hidden email]> wrote:
Hi,

I'm looking for a simple function that'll hash a password, like PHP's
password_hash: http://php.net/manual/en/function.password-hash.php

Does Shiro provide such a function?
I understand Shiro is an entire framework but currently my needs are limited
to a few simple functions.

A matching verifyPassword() would be nice as well. ;)
http://php.net/manual/en/function.password-verify.php

Gr,

Olaf



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Reply | Threaded
Open this post in threaded view
|

Re: hashPassword()?

Olaf
In reply to this post by Olaf
I have, but it doesn't look like a good match.

Users shouldn't have to bother with salts. It should be like:

// String password;
String hash = hashPassword(password);

bool ok = verifyPassword(password, hash);

It it's not available it might be nice to add it.



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: hashPassword()?

raupach
You can use the Shiro Command Line Hasher.

$ java -jar shiro-tools-hasher-1.3.2-cli.jar -gs -p

It generates somethings like this:

$shiro1$SHA-256$500000$E6PdauzOv8tHCyyUYSxOMQ==$HcTjCPThvdtntrRqxIrkaenilDlyMYBOb0Hb7VUfP5Y=

Shiro uses a so called modular crypto format. Salt, algorithm everything is stored in a single line.

The Credentials Matcher can interpret the modular crypto format.

> On 29. Jan 2018, at 10:28, Olaf <[hidden email]> wrote:
>
> I have, but it doesn't look like a good match.
>
> Users shouldn't have to bother with salts. It should be like:
>
> // String password;
> String hash = hashPassword(password);
>
> bool ok = verifyPassword(password, hash);
>
> It it's not available it might be nice to add it.
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/

Reply | Threaded
Open this post in threaded view
|

Re: hashPassword()?

Olaf
That's the functionality I'm looking for. What's the corresponding Java class
/ function?



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: hashPassword()?

Brian Demers

On Mon, Jan 29, 2018 at 8:55 AM, Olaf <[hidden email]> wrote:
That's the functionality I'm looking for. What's the corresponding Java class
/ function?