That's the entire salt. We create a new salt for each password.
----- Original Message -----
From: "Evan Thompson" <evanthomjd(a)gmail.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Thursday, 28 August, 2014 4:30:19 PM
Subject: Re: [keycloak-user] Password Hashing
Thanks for the quick response. I do have one follow up question. I was
further examining the data modal and saw that in the Credential table there
is a Salt column. I was wondering if that value accounts for the entire
salt used when encrypting the password or is only part of it.
Thank you once again,
Cheers,
Evan
On Thu, Aug 28, 2014 at 12:40 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
> Keycloak uses PBKDF2 to hash passwords with a configurable number of
> iterations.
>
> ----- Original Message -----
> > From: "Evan Thompson" <evanthomjd(a)gmail.com>
> > To: keycloak-user(a)lists.jboss.org
> > Sent: Wednesday, 27 August, 2014 8:47:36 PM
> > Subject: [keycloak-user] Password Hashing
> >
> > Howdy,
> >
> > I've been looking into Keycloak and have a question in regards to
> password
> > hashing. I came across a closed JIRA item that discusses supporting
> bcrypt,
> > but the comments just state that improved password hashing has already
> been
> > added. I guess my question is what exactly does Keycloak provide/support
> in
> > terms of password encryption and is it configurable.
> >
> > Cheers,
> >
> > Evan
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
>