Jasypt Users Forum

basic questions about Jasypt


basic questions about Jasypt

by alanz

I posted my questions before about a month ago but still no reply.

I am reposting important questions and I am hoping someone with more knowledge about Jasypt
would answer my questions and provide feedback.

I am using the following in Jasypt 1.5 (I want very high security but very fast response for user registration and login):

// setup code
StandardStringDigester digester = new StandardStringDigester()
digester.setProvider(new BouncyCastleProvider())
digester.setAlgorithm("WHIRLPOOL")
digester.setIterations(1900)  // increase security by performing 50000 hashing iterations
digester.setSaltSizeBytes(13)
// do hashing
String password = digester.digest(txtpassword)

in my web application. I assume that this gives a different salt value for different password registrations, of size 13 bytes. Is this correct?

Where is this variable salt value stored?

Do you recommend that I run the above code each time a user registers (and also each time a user logs in, which will do exactly the same setup and then use the matches method), or should I run the setup code only one time when the server starts up?

Re: basic questions about Jasypt

by dfernandez

Hello,

Random salt is computed each time an encryption takes place, so you
don't need to configure your digester each time.

Please, have a read at
http://www.jasypt.org/howtoencryptuserpasswords.html, where your
questions are answered and explained.

Regards,
Daniel.


alanz wrote:

> I posted my questions before about a month ago but still no reply.
>
> I am reposting important questions and I am hoping someone with more
> knowledge about Jasypt
> would answer my questions and provide feedback.
>
> I am using the following in Jasypt 1.5 (I want very high security but very
> fast response for user registration and login):
>
> // setup code
> StandardStringDigester digester = new StandardStringDigester()
> digester.setProvider(new BouncyCastleProvider())
> digester.setAlgorithm("WHIRLPOOL")
> digester.setIterations(1900)  // increase security by performing 50000 hashing iterations
> digester.setSaltSizeBytes(13)
> // do hashing
> String password = digester.digest(txtpassword)
>
> in my web application. I assume that this gives a different salt value for
> different password registrations, of size 13 bytes. Is this correct?
>
> Where is this variable salt value stored?
>
> Do you recommend that I run the above code each time a user registers (and
> also each time a user logs in, which will do exactly the same setup and then
> use the matches method), or should I run the setup code only one time when
> the server starts up?


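The points raised in this thread (configure once, random salt per digest, where the salt ends up) can be seen in the following added example, which is not code from either poster or from the Jasypt project. The class and method names are hypothetical; it assumes Jasypt and Bouncy Castle on the classpath, Java 8+ for `java.util.Base64`, and Jasypt's default output (Base64, salt bytes placed before the hash).

```java
import java.util.Arrays;
import java.util.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jasypt.digest.StandardStringDigester;

/** Hypothetical helper: one shared digester for registration and login. */
public final class PasswordDigests {
    private static final int SALT_BYTES = 13;   // value used in the post
    private static final int ITERATIONS = 1900; // value used in the post

    // Built once at class load; StandardStringDigester is documented as thread-safe.
    private static final StandardStringDigester DIGESTER = build();

    private static StandardStringDigester build() {
        StandardStringDigester d = new StandardStringDigester();
        d.setProvider(new BouncyCastleProvider());
        d.setAlgorithm("WHIRLPOOL");
        d.setIterations(ITERATIONS);
        d.setSaltSizeBytes(SALT_BYTES);
        d.initialize(); // configuration can no longer change after this
        return d;
    }

    /** Registration: the returned string is what goes in the user's row. */
    public static String register(String plainPassword) {
        return DIGESTER.digest(plainPassword); // fresh random salt on every call
    }

    /** Login: Jasypt reads the salt back out of the stored digest. */
    public static boolean login(String plainPassword, String storedDigest) {
        return DIGESTER.matches(plainPassword, storedDigest);
    }

    /** Assumes default layout: decoded bytes are salt followed by hash. */
    static byte[] saltOf(String storedDigest) {
        // MIME decoder tolerates line breaks some Base64 encoders insert.
        byte[] raw = Base64.getMimeDecoder().decode(storedDigest);
        return Arrays.copyOfRange(raw, 0, SALT_BYTES);
    }

    public static void main(String[] args) {
        String sample = "constructed-sample-password"; // constructed input
        String a = register(sample);
        String b = register(sample);
        System.out.println("digests differ:    " + !a.equals(b));
        System.out.println("salts differ:      " + !Arrays.equals(saltOf(a), saltOf(b)));
        System.out.println("both verify:       " + (login(sample, a) && login(sample, b)));
        System.out.println("wrong pw rejected: " + !login("other", a));
    }
}
```

Only the digest string needs to be stored per user; no separate salt column is required because `matches` recovers the salt from it.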