https://issues.apache.org/bugzilla/show_bug.cgi?id=51966
--- Comment #11 from da...@leppik.net ---

Unfortunately, just adding salt to hashes doesn't provide much more security these days. Modern password hashing algorithms, such as bcrypt, include the salt as part of the hash. What's more, the current digest algorithms are woefully out of date, so just adding salt will just extend the illusion that they are secure.

A better solution would be to allow users to plug in a digest algorithm that they trust, and perhaps to bundle a few high quality third-party algorithms as well. I'm going to create a separate bug report with more details.
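The two ideas in the comment above, a stored hash that carries its own salt and a digest algorithm that can be plugged in, are sketched below. This is an added example, not code from the comment or from Tomcat: the `PasswordDigester` interface, the stored-string layout and the iteration count are assumptions, and the JDK's PBKDF2 stands in for bcrypt, which the JDK does not ship.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PluggableDigestDemo {
    // Hypothetical plug-in point: a realm would only ever call these two methods.
    interface PasswordDigester {
        String hash(char[] password) throws Exception;
        boolean matches(char[] password, String stored) throws Exception;
    }

    // Assumed stored form: pbkdf2-sha256$<iterations>$<salt b64>$<derived key b64>
    static class Pbkdf2Digester implements PasswordDigester {
        private static final int ITERATIONS = 600_000; // assumed work factor
        private final SecureRandom random = new SecureRandom();

        public String hash(char[] password) throws Exception {
            byte[] salt = new byte[16];
            random.nextBytes(salt); // fresh random salt for every credential
            byte[] key = derive(password, salt, ITERATIONS, 32);
            Base64.Encoder b64 = Base64.getEncoder();
            return "pbkdf2-sha256$" + ITERATIONS + "$" + b64.encodeToString(salt)
                    + "$" + b64.encodeToString(key);
        }

        public boolean matches(char[] password, String stored) throws Exception {
            String[] p = stored.split("\\$");
            if (p.length != 4 || !p[0].equals("pbkdf2-sha256")) return false;
            // Salt and cost come from the stored value, so no separate salt column is needed.
            byte[] salt = Base64.getDecoder().decode(p[2]);
            byte[] expected = Base64.getDecoder().decode(p[3]);
            byte[] actual = derive(password, salt, Integer.parseInt(p[1]), expected.length);
            return MessageDigest.isEqual(expected, actual); // constant-time comparison
        }

        private static byte[] derive(char[] pw, byte[] salt, int iter, int len) throws Exception {
            PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, len * 8);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        }
    }

    public static void main(String[] args) throws Exception {
        PasswordDigester d = new Pbkdf2Digester();
        String stored = d.hash("s3cret-constructed".toCharArray()); // constructed sample password
        System.out.println(stored);
        System.out.println(d.matches("s3cret-constructed".toCharArray(), stored));
        System.out.println(d.matches("wrong-constructed".toCharArray(), stored));
    }
}
```

Because the algorithm name and cost are part of each stored value, a deployment can swap in a different `PasswordDigester` for new credentials while still verifying old ones by their prefix.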