
Tag: Security (en)

Security is a term describing the (un-)affectedness by an attack. It’s about gaining and protecting private information (and keeping it private), protection and monitoring of modifications to data, etc.

Apache Shiro: implementing new password hashing algorithms

As an Apache Shiro PMC member, I occasionally come into contact with cryptographic functions. For example, Shiro 1.x allows hashed passwords in your shiro.ini configuration.

Everyone should know by now that just hashing (and salting) a password is not a good protection against brute force attacks. Even with hundreds or thousands of iterations, such a password can be prone to brute force attacks nowadays. Thus it is not a surprise that Les Hazlewood (the original creator of Apache Shiro) had the idea to add a bcrypt implementation.