by mikeryan 5120 days ago
No. Don't use salts. Use Bcrypt.

http://codahale.com/how-to-safely-store-a-password/

1 comments

http://bcrypt-ruby.rubyforge.org/ - last updated 2009

http://www.mindrot.org/projects/jBCrypt/ - last updated 2010

http://bcrypt.sourceforge.net/ - updated 2002

http://news.ycombinator.com/item?id=601408 - bcrypt is now obsolete

http://stackoverflow.com/questions/615704/preferred-method-o... no mention of it

I'm not saying I disagree, I'm just frustrated that the MOST important thing in the world for web developers (storing passwords) is still the MOST half-assed process.

Where's the super-simple-recently-updated-one-line call? Use bcrypt? What about scrypt? What about salting, md5, sha1, sha256, sha512, blowfish...

Here's what I want:

String value = MrCrypto.encrypt("Pa33W0rd",MrCrypto.SECURE); //or String value = MrCrypto.encrypt("Pa33W0rd",MrCrypto.FAST);

boolean matches = MrCrypto.matches("Pa33W0rd", value);

Something like that, updated whenever a better process comes up, seamless, backwards compatible and universally accepted (Something ported to php, ruby, grails, nodejs, java, c#, python etc...). Does that exist?
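The one-line API the comment wishes for is essentially a self-describing hash record plus a verifier that dispatches on the scheme named in the record; that is how a library can change its default algorithm or cost without breaking stored passwords. The sketch below is an added example, not code from the thread or from any of the linked libraries; it uses only the Python standard library (PBKDF2-HMAC-SHA256 standing in for bcrypt/scrypt), and the scheme tags, cost profiles and the "$sha1$" legacy record format are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Constructed cost profiles, playing the role of MrCrypto.FAST / MrCrypto.SECURE.
PROFILES = {"FAST": 10_000, "SECURE": 600_000}
CURRENT_SCHEME = "pbkdf2-sha256"


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hash_password(password: str, profile: str = "SECURE") -> str:
    """Return a self-describing record: $scheme$iterations$salt$digest."""
    iterations = PROFILES[profile]
    salt = os.urandom(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["", CURRENT_SCHEME, str(iterations), _b64(salt), _b64(digest)])


def legacy_sha1_record(password: str) -> str:
    """What an older, unsalted system might have stored (constructed format)."""
    return "$sha1$" + hashlib.sha1(password.encode("utf-8")).hexdigest()


def verify(password: str, stored: str) -> bool:
    """Check a password against a record in any scheme still accepted."""
    parts = stored.split("$")
    try:
        if parts[1] == CURRENT_SCHEME:
            _, _, iterations, salt, digest = parts
            candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                            base64.b64decode(salt), int(iterations))
            return hmac.compare_digest(candidate, base64.b64decode(digest))
        if parts[1] == "sha1":  # still verifiable, but needs_rehash() flags it
            _, _, digest = parts
            candidate = hashlib.sha1(password.encode("utf-8")).hexdigest()
            return hmac.compare_digest(candidate, digest)
    except (ValueError, IndexError, TypeError):
        pass  # malformed record: treat as no match
    return False


def needs_rehash(stored: str, profile: str = "SECURE") -> bool:
    """True when the record uses an old scheme or a lower cost than `profile`."""
    parts = stored.split("$")
    if len(parts) < 3 or parts[1] != CURRENT_SCHEME:
        return True
    return int(parts[2]) < PROFILES[profile]
```

On a successful login, a record for which `needs_rehash()` is true is simply replaced with `hash_password()` of the just-verified password, which upgrades users transparently as defaults improve.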