As an Apache Shiro PMC member, I have occasionally contact to cryptographic functions. For example, Shiro 1.x allows hashed passwords in your
Now, everyone should know by now that just hashing (and salting) a password is not a good protection against brute force attacks. Even with hundreds or thousands of iterations, such a password can be prone to brute force attacks nowadays. This it is not a surprise that Lez Hazlewood (the original creator of Apache Shiro) had the idea to add an bcrypt implementation.