[jboss-jira] [JBoss JIRA] (ELY-1290) OneTimePasswordImpl provides only MD5 and SHA1 hash algorithms

OneTimePasswordImpl provides only MD5 and SHA1 hash algorithms -------------------------------------------------------------- Key: ELY-1290 URL: https://issues.jboss.org/browse/ELY-1290 Project: WildFly Elytron Issue Type: Bug Components: Passwords Affects Versions: 1.1.0.CR2 Reporter: Jan Kalina Assignee: Jan Kalina Priority: Critical Only MD5 and SHA-1 hash algorithms are valid in OneTimePasswordImpl. {code:title=/subsystem=elytron/filesystem-realm=a:read-operation-description(name=set-password)} "otp" => { "type" => OBJECT, "description" => "A one-time password, used by the OTP SASL mechanism.", "expressions-allowed" => false, "required" => false, "nillable" => true, "value-type" => { "algorithm" => { "type" => STRING, "description" => "The algorithm used to encrypt the password.", "expressions-allowed" => false, "required" => false, "nillable" => true, "default" => "otp-sha1", "allowed" => [ "otp-md5", "otp-sha1" ] }, "hash" => { "type" => STRING, "description" => "The hash represented by this password.", "expressions-allowed" => true, "required" => true, "nillable" => false, "min-length" => 1L, "max-length" => 2147483647L }, "seed" => { "type" => STRING, "description" => "The seed used to generate the hash.", "expressions-allowed" => true, "required" => true, "nillable" => false, "min-length" => 1L, "max-length" => 2147483647L }, "sequence" => { "type" => INT, "description" => "The sequence number used to generate the hash.", "expressions-allowed" => true, "required" => true, "nillable" => false } } } {code} Extend list to more secure hash algorithms, e.g. digest-sha-256 digest-sha-512? For example MD5 is not allowed in FIPS mode [1]. Although SHA-1 is, it is generally considered to be not secure anymore. [1] http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf