<div dir="ltr"><div class="gmail_extra">Thanks for the quick response. I do have one follow up question. I was further examining the data modal and saw that in the Credential table there is a Salt column. I was wondering if that value accounts for the entire salt used when encrypting the password or is only part of it. <div>
<br></div><div>Thank you once again,</div><div><br></div><div>Cheers,</div><div>Evan </div><div><br></div><br><div class="gmail_quote">On Thu, Aug 28, 2014 at 12:40 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Keycloak uses PBKDF2 to hash passwords with a configurable number of iterations.<br>
<div><div class="h5"><br>
----- Original Message -----<br>
> From: "Evan Thompson" <<a href="mailto:evanthomjd@gmail.com">evanthomjd@gmail.com</a>><br>
> To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Wednesday, 27 August, 2014 8:47:36 PM<br>
> Subject: [keycloak-user] Password Hashing<br>
><br>
> Howdy,<br>
><br>
> I've been looking into Keycloak and have a question in regards to password<br>
> hashing. I came across a closed JIRA item that discusses supporting bcrypt,<br>
> but the comments just state that improved password hashing has already been<br>
> added. I guess my question is what exactly does Keycloak provide/support in<br>
> terms of password encryption and is it configurable.<br>
><br>
> Cheers,<br>
><br>
> Evan<br>
><br>
</div></div>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div><br></div></div>