The default implementation of SensitiveDataCodec.
This class is used when the user indicates in the config
file to use a masked password but doesn't give a
It supports one-way hash (digest) and two-way (encrypt-decrpt) algorithms
The two-way uses "Blowfish" algorithm
The one-way uses "PBKDF2" hash algorithm