[keycloak-user] Keycloak 1.9.5.Final Released

Lange, Christian christian.lange at atos.net
Sun May 29 20:06:03 EDT 2016


Hello Stian, (Hello Developers,)

I wonder if you think about switching from SHA256 as the default hash algorithm to SHA512.
Nowadays most of the servers are equipped with 64Bit CPUs and SHA512 can actually benefit from that architecture (under good conditions 1/3x faster than SHA256).

Correct me if I'm wrong but as far as I know it's not possible to select the algorithms without some custom code changes.

Best regards,
Christian

________________________________________
Von: keycloak-user-bounces at lists.jboss.org [keycloak-user-bounces at lists.jboss.org]" im Auftrag von "Stian Thorgersen [sthorger at redhat.com]
Gesendet: Donnerstag, 26. Mai 2016 21:13
An: keycloak-user; keycloak-dev
Betreff: [keycloak-user] Keycloak 1.9.5.Final Released

Keycloak 1.9.5.Final has just been released. There's one change worth highlighting in this release. We've increased the default password hashing intervals to 20000. Yes, you read that right. We've actually recommended using 20000 for a while now, but the default was only 1. This is a clear trade-off between performance and how secure passwords are stored. With 1 password hashing interval it takes less than 1 ms to hash a password, while with 20000 it takes tens of ms.

For the full list of resolved issues check out JIRA<https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fixVersion%20%3D%201.9.5.Final> and to download the release go to the Keycloak homepage<http://www.keycloak.org/downloads>.




More information about the keycloak-user mailing list