I am already using Spring Security / Acegi for encrypting passwords. Why would I want to add jasypt to my security infrastructure?
First of all, understand that jasypt is not a substitute for Spring Security / Acegi, which is a powerful and very complete security framework (and whose use the Jasypt author truly recommends). Instead, jasypt integrates into Spring Security / Acegi and improves its password encoding capabilities. Some reasons for considering this integration are:
• First and most important, because the default standard encryptors (PasswordEncoder implementations) shipped with Spring Security (as of 2.0.1) are simple message digesters (one hashing iteration, no salt or a fixed salt based on a user property…), and are not as safe as jasypt’s password encryptors can be (learn more about random salt and iteration count in the article “How to encrypt user passwords”).
• Second, because they don’t provide the same level of configuration capabilities as jasypt’s password encryptors: algorithms, parameter resolution…
• And third, because using jasypt will help you decouple your user management logic (more bussi
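The contrast drawn in the first two reasons, as an added example that is not part of the original FAQ or the Jasypt project's own code: Jasypt's `StandardStringDigester` (jasypt must be on the classpath) is configured once as a single-iteration, unsalted digester and once with a random salt and a high iteration count. The class name `SaltedDigestDemo`, the sample password, and the chosen algorithms, salt size and iteration count are assumptions for illustration.

```java
import org.jasypt.digest.StandardStringDigester;

public class SaltedDigestDemo {

    // Mimics a simple message digester: one hashing iteration, no salt.
    static StandardStringDigester simpleDigester() {
        StandardStringDigester d = new StandardStringDigester();
        d.setAlgorithm("SHA-1");
        d.setIterations(1);
        d.setSaltSizeBytes(0);      // 0 disables salting
        return d;
    }

    // Random salt per digest plus many iterations (illustrative values).
    static StandardStringDigester strongDigester() {
        StandardStringDigester d = new StandardStringDigester();
        d.setAlgorithm("SHA-256");
        d.setIterations(100000);
        d.setSaltSizeBytes(16);
        return d;
    }

    public static void main(String[] args) {
        String password = "correct horse battery staple"; // constructed sample input

        // Unsalted, single iteration: the same password always yields the same
        // stored value, so identical passwords are visible across accounts and
        // one precomputed table applies to every user.
        StandardStringDigester simple = simpleDigester();
        String s1 = simple.digest(password);
        String s2 = simple.digest(password);
        System.out.println("simple digests equal: " + s1.equals(s2));

        // Salted and iterated: a fresh random salt is generated on each call
        // and stored together with the digest.
        StandardStringDigester strong = strongDigester();
        String d1 = strong.digest(password);
        String d2 = strong.digest(password);
        System.out.println("salted digests equal: " + d1.equals(d2));

        // Verification reads the salt back out of the stored digest.
        System.out.println("correct password:     " + strong.matches(password, d1));
        System.out.println("wrong password:       " + strong.matches("guess", d1));
    }
}
```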