Re: [keycloak-dev] KEYCLOAK-1900 - Pluggable password hashing algorithm

What you mean is migrate from badly broken legacies like: MD5(salt + password) SHA1(salt +password) To BCrypt, Scrypt or PBKDF2? If yes, +1000000 On Tue, Nov 17, 2015 at 1:07 PM Kunal K <kunal(a)plivo.com&gt; wrote: > Hi all, > > I would like to start a discussion on how to implement - > https://issues.jboss.org/browse/KEYCLOAK-1900 > > I have a django web app and all of my users are in a postgres database > with salted passwords hashed using SHA. I have been reading how I can use > UserFederation to implement by own credential validation, but the drawback > here would be that I'll have to keep maintaining my old database. > > For starters, I was thinking of replacing all occurrences of > Pbkdf2PasswordEncoder with an equivalent SHAPasswordEncoder, which is a > very crude approach and I'm not sure if it will even work. After some bit > of reading I saw this ticket - > https://issues.jboss.org/browse/KEYCLOAK-1900 > > I would like to implement a custom hashing SPI and would love to get some > pointers on how to go about it. > > Thanks > > -- > *KUNAL KERKAR *| PRODUCT ENGINEER > Plivo, Inc. 340 Pine St, San Francisco - 94104, USA > Web: www.plivo.com | Twitter: @plivo <http://twitter.com/plivo>;, @tsudot > <http://twitter.com/tsudot> > > Free Incoming SMS for All US Short Codes – Get One Today! > <https://www.plivo.com/sms-short-code/?utm=emailsig> > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev