<p dir="ltr">We an to introduce a password policy spi soon, but for now you're stuck with the built-in policies.</p>
<div class="gmail_quote">On 25 Apr 2016 16:43, "Bruno Oliveira" <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I believe we don't have an SPI for this, yet. See: <a href="https://issues.jboss.org/browse/KEYCLOAK-2824" rel="noreferrer" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-2824</a>.<br>
<br>
IMO, Argon2 is completely new and aside from the bindings, we don't have<br>
a Java implementation, yet for this. I'm not sure if is a good idea to<br>
introduce C to the codebase, but totally doable to have an SPI for<br>
policies.<br>
<br>
On 2016-04-25, Roelof Naude wrote:<br>
> hi,<br>
><br>
> a client has requested the use of the argon2 [1, 2] password hashing<br>
> scheme. this can easily be added as an external provider. we do however<br>
> require custom password policies, e.g. memory / parallelism cost as well as<br>
> salt length. AFAIK there is no way to provide policy extensions using a<br>
> provider interface?<br>
><br>
> would argon2 be a worthwhile contribution?<br>
><br>
> regards<br>
> roelof.<br>
><br>
> [1] <a href="https://github.com/P-H-C/phc-winner-argon2" rel="noreferrer" target="_blank">https://github.com/P-H-C/phc-winner-argon2</a><br>
> [2] <a href="https://github.com/phxql/argon2-jvm" rel="noreferrer" target="_blank">https://github.com/phxql/argon2-jvm</a><br>
<br>
> _______________________________________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
<br>
<br>
--<br>
<br>
abstractj<br>
PGP: 0x84DC9914<br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote></div>