can just handle something like this like we do hash iterations. Store
the algorithm used, verify the password, compute the new hash with the
new algorithm.
On 11/17/2015 10:33 AM, Bruno Oliveira wrote:
By salted passwords using SHA1, do you mean something like:
hash(salt + password) ?
If yes, hashes like SHA for example, were designed to be fast and can be
broken with much less computational power than BCrypt, PBKDF2 or Scrypt
for example.
On Tue, Nov 17, 2015 at 1:07 PM Kunal K <kunal(a)plivo.com
<mailto:kunal@plivo.com>> wrote:
Hi all,
I would like to start a discussion on how to implement -
https://issues.jboss.org/browse/KEYCLOAK-1900
I have a django web app and all of my users are in a postgres
database with salted passwords hashed using SHA. I have been reading
how I can use UserFederation to implement by own credential
validation, but the drawback here would be that I'll have to keep
maintaining my old database.
For starters, I was thinking of replacing all occurrences of
Pbkdf2PasswordEncoder with an equivalent SHAPasswordEncoder, which
is a very crude approach and I'm not sure if it will even work.
After some bit of reading I saw this ticket -
https://issues.jboss.org/browse/KEYCLOAK-1900
I would like to implement a custom hashing SPI and would love to get
some pointers on how to go about it.
Thanks
--
*KUNAL KERKAR *| PRODUCT ENGINEER
Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
Web:
www.plivo.com <
http://www.plivo.com/> | Twitter: @plivo
<
http://twitter.com/plivo>, @tsudot <
http://twitter.com/tsudot>
Free Incoming SMS for All US Short Codes – Get One Today!
<
https://www.plivo.com/sms-short-code/?utm=emailsig>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev