----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: "Bruno Oliveira" <bruno(a)abstractj.org>, keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 22 January, 2014 3:13:52 PM
Subject: Re: [keycloak-dev] Password storage and KDFs
On 1/22/2014 10:05 AM, Stian Thorgersen wrote:
> I think having to enter a master password to start the server could make it
> quite difficult to manage, especially in clouds and provisioned
> environments. It should be available as an option though.
>
Good point. This feature would be backburner then.
IMO we should never store the key in plain-text in the db (or json exports of db). Then we
can provide alternatives to how to input the master password, which would be a trade-off
between convenience and security, as well as environment specific.
> Properties file could be the default. We could create a random password and
> store it in a file when a realm is created. There are ways to make sure the
> file is secure (permissions, encrypted storage, etc.). It also means that
> an attacker would have to gain access to both the server and the db.
>
Doesn't make much sense to me. If there's ways to secure this property
file, why wouldn't you do the same for the database?
DB has sockets open and can be compromised through SQL injections etc.
You can still encrypt the drive the db is stored on, but that would only help to prevent
someone who gains direct access to the machine. It would still be exploitable through SQL
injections etc.
Local file systems are generally more secure (this is probably a stianism ;)), can be
encrypted, etc.
> Would we store the password in memory, the unencrypted private key, or
> both? With a properties file you wouldn't need to store either in memory,
> although it would probably become very expensive to decrypt the key all
> the time.
>
The private key has to be in memory unencrypted. I'd like to load up and
keep the whole database in memory. But that's another discussion down
the road.
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: "Bruno Oliveira" <bruno(a)abstractj.org>, keycloak-dev(a)lists.jboss.org
>> Sent: Wednesday, 22 January, 2014 2:43:51 PM
>> Subject: Re: [keycloak-dev] Password storage and KDFs
>>
>> Using a property file sort of defeats the purpose of encrypting the
>> keys. The password must be stored in the human brain, IMO :) I'd like
>> to store keys as text in the db. They are already stored in PEM format.
>>
>> On 1/22/2014 9:39 AM, Bruno Oliveira wrote:
>>> We did something on AeroGear with a property file (not perfect), but I
>>> would
>>> like to look at Keycloak before suggesting anything. Maybe it is possible to
>>> implement it using the KeyStore from Java?
>>>
>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com