Mark, On 9/24/14 5:00 AM, Mark Thomas wrote: > On 23/09/2014 10:49, Mark Thomas wrote: >> On 23/09/2014 00:56, "Gabriel E. Sánchez Martínez" wrote: >>> >>> On 09/17/2014 04:36 AM, Mark Thomas wrote: >>>> On 16/09/2014 22:14, Christopher Schultz wrote: >>>>> Mark, >>>>> >>>>> On 9/16/14 3:39 PM, Mark Thomas wrote: >>>>>> Updated patch: >>>>>> http://people.apache.org/~markt/patches/2014-09-16-bug56403-tc8-v2.patch >>>>>> >>> It's looking good! >> >> I have an updated version I need to upload that addresses the remaining >> issues. > > Version 3: > http://people.apache.org/~markt/patches/2014-09-24-bug56403-tc8-v3.patch
Looks good. I'm just curious: why did you call the class that does PBKDF2 PBECredentialFilter? Does that stand for "Password-based encryption/encoding"? PBE is often used for "password-based encryption" but here we aren't actually doing any encryption; we're just doing the password part. Naming this class is tough because technically it can use any algorithm that works with Java's SecretKey API. Also, why does ConcurrentMessageDigest.digest have a varargs byte[] parameter? Is it useful to be able to accept more than one byte array to that method? Thanks, -chris
signature.asc
Description: OpenPGP digital signature
