Hello,
Cuba offers two encryption type out of the box (md5 and sha1). Since they are not very secure I would like to use BCrypt for encrypting my password.
This can be done by implementing my own EncryptionModule ([cuba/EncryptionModule.java at 8836668c2fd0ffa88f2e91b9df6f64565c28b983 · cuba-platform/cuba · GitHub]). After implementing the different get*Hash()-methods I am now stuck with the checkPassword method:
EncryptionModule.checkPassword(User user, String givenPassword);
I expected that givenPassword would be the plain text password that the user entered. Actually it the givenPassword is already encrypted. My problem is that I need he plain text password and the previously encrypted password to check if they are equal.
(see spring security implementation: [spring-security/BCryptPasswordEncoder.java at main · spring-projects/spring-security · GitHub])
How can I implement BCrypt for password encryption in cuba?
Yours,
Joerg