[Yanel-dev] SHA-256 introduced for encrypting passwords
Michael Wechner
michael.wechner at wyona.com
Wed Jun 8 15:22:53 CEST 2011
Hi
For security reasons we have introduced SHA-256 (replacing MD5) inside
org.wyona.security.core.api.User#authenticate(java.lang.String)
whereas it's backwards compatible in the sense that
<password>5fe7da0fb203fa7726986dbace882c20</password>
is still treated as MD5, whereas we have introduced an "algorithm"
attribute to differentiate the various encryption algorithms
<password
algorithm="SHA-256">4e34cef21c84eb8f6825477f7528540ee8259dce2d86770f7f4c4bd299461027</password>
<salt>849606beb9a4c159</salt>
A problem might occur if you inherit/override this method. If so please
make sure to "upgrade" accordingly.
Thanks
Michael
More information about the Yanel-development
mailing list