Store only hashed secrets
(1) Hashed with SHA-512 and an individual salt per user.
(2) Requires storage of both password and salt.
(3) Salt should be long (30 chars) and random.
(4) Conversion of old clear-text passwords into hashes: a quick check on startup for the password triple can trigger a fast replacement method.
(5) PrincipalManager needs to get some additional methods.
(6) Principal.getSecret() should be removed or at least deprecated, or renamed and changed into getHashedSecret().
Using PBKDF2 now; introduced a new class "Password" with helper methods, and adapted the Verifier classes and the User class.
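The scheme the ticket settles on, as an added example that is not the project's own "Password" class: PBKDF2-HMAC-SHA512 with a random per-user salt, the salt stored alongside the hash in one self-describing string, constant-time comparison on verify, and a startup pass that replaces any remaining clear-text secret. The iteration count, salt length and storage format are choices made for this example, not taken from the project.

```python
import hashlib
import hmac
import os

# Parameters assumed for this example (not the project's values).
PBKDF2_ITERATIONS = 210_000   # work factor; raise as hardware gets faster
SALT_LEN = 30                 # bytes of randomness, matching the ticket's "30 chars"
DIGEST_LEN = 64               # full SHA-512 output
PREFIX = "pbkdf2-sha512"      # lets stored values be told apart from clear text


def hash_secret(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'pbkdf2-sha512$<iterations>$<salt hex>$<digest hex>' with a fresh salt."""
    salt = os.urandom(SALT_LEN)  # individual salt per user, never reused
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                 salt, iterations, dklen=DIGEST_LEN)
    return "$".join([PREFIX, str(iterations), salt.hex(), digest.hex()])


def is_hashed(stored: str) -> bool:
    """True if the stored value is in the hashed format rather than clear text."""
    return stored.startswith(PREFIX + "$")


def verify_secret(password: str, stored: str) -> bool:
    """Recompute PBKDF2 with the stored salt and compare in constant time."""
    try:
        prefix, iterations, salt_hex, digest_hex = stored.split("$")
        if prefix != PREFIX:
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:          # malformed or clear-text entry: never a match
        return False
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                    salt, iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def migrate_cleartext(secrets: dict) -> dict:
    """Startup pass: hash every entry that is still clear text, keep the rest as is.

    `secrets` maps a principal name to its stored secret (constructed sample data
    in the test; a real store would be read from the principal database).
    """
    return {name: s if is_hashed(s) else hash_secret(s) for name, s in secrets.items()}
```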