Re: [keycloak-user] Password Hashing

From: "Evan Thompson" <evanthomjd(a)gmail.com&gt; To: "Stian Thorgersen" <stian(a)redhat.com&gt; Cc: keycloak-user(a)lists.jboss.org Sent: Thursday, 28 August, 2014 4:30:19 PM Subject: Re: [keycloak-user] Password Hashing Thanks for the quick response. I do have one follow up question. I was further examining the data modal and saw that in the Credential table there is a Salt column. I was wondering if that value accounts for the entire salt used when encrypting the password or is only part of it. Thank you once again, Cheers, Evan On Thu, Aug 28, 2014 at 12:40 AM, Stian Thorgersen <stian(a)redhat.com&gt; wrote: > Keycloak uses PBKDF2 to hash passwords with a configurable number of > iterations. > > ----- Original Message ----- > > From: "Evan Thompson" <evanthomjd(a)gmail.com&gt; > > To: keycloak-user(a)lists.jboss.org > > Sent: Wednesday, 27 August, 2014 8:47:36 PM > > Subject: [keycloak-user] Password Hashing > > > > Howdy, > > > > I've been looking into Keycloak and have a question in regards to > password > > hashing. I came across a closed JIRA item that discusses supporting > bcrypt, > > but the comments just state that improved password hashing has already > been > > added. I guess my question is what exactly does Keycloak provide/support > in > > terms of password encryption and is it configurable. > > > > Cheers, > > > > Evan > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user >