Skip to content

Bens IT-Comments Posts

Apache Shiro: implementing new password hashing algorithms

As an Apache Shiro PMC member, I have occasionally contact to cryptographic functions. For example, Shiro 1.x allows hashed passwords in your shiro.ini configuration.

Now, everyone should know by now that just hashing (and salting) a password is not a good protection against brute force attacks. Even with hundreds or thousands of iterations, such a password can be prone to brute force attacks nowadays. This it is not a surprise that Lez Hazlewood (the original creator of Apache Shiro) had the idea to add an bcrypt implementation.

Maven JLink Plugin Version 3.1.0 released

The Apache Maven team is pleased to announce the release of the Apache Maven JLink Plugin, version 3.1.0.

This plugin is used to create a JLink distribution using Maven. It is as easy as creating a jar file, but will instead create a zip file containing a reduced Java Runtime along with a launcher script, as well as the actual application of course. A JLink zip file is therefore platform dependent.