[JBoss JIRA] (WFLY-1130) vault shared key should be salted

Monday, 27 January 2014



     [
https://issues.jboss.org/browse/WFLY-1130?page=com.atlassian.jira.plugin....
]

Peter Skopek resolved WFLY-1130.
--------------------------------

    Resolution: Out of Date


This issue is outdated by new implementation of PicketBox Security Vault.
The vault is using symmetric encryption with key stored in keystore and not using shared
key any more. 
---
commit 6176d4cf9d4b8cb73a92b01cfb9214292ed18b52
Author: Peter Skopek <pskopek(a)redhat.com&gt; 2013-08-05 21:24:13
Committer: Brian Stansberry <brian.stansberry(a)redhat.com&gt; 2013-10-07 22:29:27
                
...
 vault shared key should be salted
 ---------------------------------

                 Key: WFLY-1130
                 URL: https://issues.jboss.org/browse/WFLY-1130
             Project: WildFly
          Issue Type: Feature Request
      Security Level: Public(Everyone can see) 
          Components: Security
            Reporter: Gernot P
            Assignee: Peter Skopek

 Actual behaviour:
 (1) create a vault entry with
      vault attribute value: xxx
      vault block: y1
      vault attribute name: z1
 (2) create another vault entry with
      vault attribute value: xxx
      vault block: y2
      vault attribute name: z2
 and you see that vault shared key is the same for entry 1 and entry 2
 feature request:
 two vault entries with same attribute value but different block names and attribute names
should have different shared keys 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006