Peter Skopek commented on ELY-1189:
-----------------------------------
zregvart commented on 12 Jan
All good points; let me open up another can of worms.
Assuming that the goal of MaskedPassword is to prevent someone from glancing over and
seeing the password in clear text, I would argue that the current MaskedPassword could be
split into two implementations, PickBoxMaskedPassword and SimpleMaskedPassword (example
names).
PickBoxMaskedPassword would remain for compatibility with PicketBox, while
SimpleMaskedPassword would use a simple algorithm to obfuscate the password (ROT13, XOR).
I think there is really little value, from a cryptography standpoint, from using a KDF for
generating the key to transform (encrypt/decrypt) the clear text password and exposing all the
parameters for the KDF (in this case the initial secret, hardcoded
"somearbitr...") and the transformation (salt, iteration count, IV) also in the
clear.
I also think that it could be the CredentialStore's domain to pick whether it wants to derive the key
for its protection from a Password (probably transformed to ClearPasswordSpec) by using a
KDF of choice, and so there should be no need for using a KDF in MaskedPassword.
Also, using the KDF (SecretKeyFactory) in the current implementation with 0
iterations and no salt (the default for PBEKeySpec if not specified) is not adding any
security, as the key would be used verbatim (check the getEncoded of the resulting
SecretKey).
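The last point of the comment above can be checked directly. The following is an added example, not Elytron's or PicketBox's code: it builds a PBEKeySpec from the password alone (no salt, iteration count 0, as the comment describes) and compares the encoded bytes of the SecretKey that SecretKeyFactory returns with the password characters. The algorithm name PBEWithMD5AndDES and the sample password are assumptions; the issue does not name either.

```java
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.util.Arrays;

public class PbeKeySpecCheck {

    // Encoded bytes of the SecretKey that SecretKeyFactory hands back for a
    // PBEKeySpec built from the password alone (salt null, iterationCount 0).
    static byte[] encodedKeyFor(char[] password, String algorithm) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password);
        SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithm);
        SecretKey key = factory.generateSecret(spec);
        spec.clearPassword();
        return key.getEncoded();
    }

    // What the key bytes look like if the password is used verbatim as key
    // material: one byte per character (the SunJCE PBEKey keeps the low 7 bits).
    static byte[] passwordBytes(char[] password) {
        byte[] out = new byte[password.length];
        for (int i = 0; i < password.length; i++) {
            out[i] = (byte) (password[i] & 0x7f);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "s3cret".toCharArray(); // constructed sample value
        String algorithm = "PBEWithMD5AndDES";    // assumed; the comment names no algorithm

        byte[] encoded = encodedKeyFor(password, algorithm);
        boolean verbatim = Arrays.equals(encoded, passwordBytes(password));

        System.out.println("salt / iterations : none / 0");
        System.out.println("encoded key length: " + encoded.length);
        System.out.println("key == password   : " + verbatim);
        // With the SunJCE provider this prints true: the factory has done no
        // stretching at this point, so whoever holds the initial secret holds the
        // key. The salt and iteration count only take effect later, when the Cipher
        // is initialised with a PBEParameterSpec, and the comment notes those values
        // are stored in the clear as well.
    }
}
```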
Create better way of masking passwords using modern PBE algorithm
-----------------------------------------------------------------
Key: ELY-1189
URL:
https://issues.jboss.org/browse/ELY-1189
Project: WildFly Elytron
Issue Type: Task
Components: Credential Store
Reporter: Peter Skopek
Assignee: Peter Skopek
Create a better way of masking passwords using a modern PBE algorithm.
This bug contains the discussion from PR:
https://github.com/wildfly-security/wildfly-elytron/pull/619
To have this documented and the PR closed.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)