I believe we don't have an SPI for this, yet. See:
https://issues.jboss.org/browse/KEYCLOAK-2824.
IMO, Argon2 is completely new and aside from the bindings, we don't have
a Java implementation, yet for this. I'm not sure if is a good idea to
introduce C to the codebase, but totally doable to have an SPI for
policies.
On 2016-04-25, Roelof Naude wrote:
hi,
a client has requested the use of the argon2 [1, 2] password hashing
scheme. this can easily be added as an external provider. we do however
require custom password policies, e.g. memory / parallelism cost as well as
salt length. AFAIK there is no way to provide policy extensions using a
provider interface?
would argon2 be a worthwhile contribution?
regards
roelof.
[1]
https://github.com/P-H-C/phc-winner-argon2
[2]
https://github.com/phxql/argon2-jvm
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
abstractj
PGP: 0x84DC9914