IdStory Identity Manager

• I was implement two different methods for hashing passwords:
• > Bcrypt from http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/crypto/bcrypt/BCrypt.html
• > PBKDF2 as algorithm from SecretKeyFactory javax.crypto,
• both have samo advantages,
• > Bcrypt - easy implement
• > PBKDF2 - quick
• and disvantages:
• > Bcrypt > slow - Password: 'T3st@#te_st12' | hash: $2a$13$3k7xrleknYmZ.9v.mcfUie6ooVUchoPRqer.SPGAGemlL/khbCx1q | Salt : $2a$13$3k7xrleknYmZ.9v.mcfUie | Time: 771ms
• > PBKDF2 - less secure than bcrypt.

• bcrypt - own salt generate method, salt is part of password see above,
• PBKDF2 - for salt is use as salt identities UUID transform to logn digs,.

Now I wait for response from ZB.

Please check if you do feedback in task #266, otherwise please check this new entity. Thank you Radek.

I did test and review and source code looks nice, API is clean and readable, everything works, thx.

• transactions are missing in DefaultIdmPasswordService. Its not required now, because just one operation on repository is executed, but i like transactions (normal / readonly) on services :)

Its nice, thx.