[keycloak-dev] argon2 password hashing
Roelof Naude
roelof.naude at gmail.com
Mon Apr 25 12:36:42 EDT 2016
thank you all for the quick response.
do you guys have a basic idea on how to approach the policy spi? we are
more than willing to help out to get it done.
maintaining a fork is maybe an option to resolve the immediate need, but
would prefer to keep things upstream as much as possible.
On Mon, Apr 25, 2016 at 5:30 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:
> We an to introduce a password policy spi soon, but for now you're stuck
> with the built-in policies.
> On 25 Apr 2016 16:43, "Bruno Oliveira" <bruno at abstractj.org> wrote:
>
>> I believe we don't have an SPI for this, yet. See:
>> https://issues.jboss.org/browse/KEYCLOAK-2824.
>>
>> IMO, Argon2 is completely new and aside from the bindings, we don't have
>> a Java implementation, yet for this. I'm not sure if is a good idea to
>> introduce C to the codebase, but totally doable to have an SPI for
>> policies.
>>
>> On 2016-04-25, Roelof Naude wrote:
>> > hi,
>> >
>> > a client has requested the use of the argon2 [1, 2] password hashing
>> > scheme. this can easily be added as an external provider. we do however
>> > require custom password policies, e.g. memory / parallelism cost as
>> well as
>> > salt length. AFAIK there is no way to provide policy extensions using a
>> > provider interface?
>> >
>> > would argon2 be a worthwhile contribution?
>> >
>> > regards
>> > roelof.
>> >
>> > [1] https://github.com/P-H-C/phc-winner-argon2
>> > [2] https://github.com/phxql/argon2-jvm
>>
>> > _______________________________________________
>> > keycloak-dev mailing list
>> > keycloak-dev at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>> --
>>
>> abstractj
>> PGP: 0x84DC9914
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160425/34deb757/attachment.html
More information about the keycloak-dev
mailing list