Lucee Admin password encryption algorithm

I am trying to get a confirmation on this… What encryption algorithm is used to encrypt the Lucee admin password? One place I’ve found states that it is blowfish, but I also found this link ( How to encrypt passwords - dev / support - Lucee Dev) that makes it look like it is SHA256.

I need a definitive answer on this because if I am to use Lucee in our company, we have rules about not using blowfish and I would have to get an exception if possible. I have seen that the db passwords are encrypted with blowfish but that is a non issue because we load the db passwords at run time and they never get encrypted into the xml files.

Steve Durette

the admin password is encrypted using SHA-256, with five iterations


Thank you so much