Hello Stian, (Hello Developers,)
I wonder if you think about switching from SHA256 as the default hash algorithm to
SHA512.
Nowadays most of the servers are equipped with 64-bit CPUs and SHA512 can actually benefit
from that architecture (under good conditions 1/3x faster than SHA256).
Correct me if I'm wrong but as far as I know it's not possible to select the
algorithms without some custom code changes.
Best regards,
Christian
________________________________________
From: keycloak-user-bounces(a)lists.jboss.org
[keycloak-user-bounces(a)lists.jboss.org] on behalf of Stian
Thorgersen [sthorger(a)redhat.com]
Sent: Thursday, 26 May 2016 21:13
To: keycloak-user; keycloak-dev
Subject: [keycloak-user] Keycloak 1.9.5.Final Released
Keycloak 1.9.5.Final has just been released. There's one change worth highlighting in
this release. We've increased the default password hashing intervals to 20000. Yes,
you read that right. We've actually recommended using 20000 for a while now, but the
default was only 1. This is a clear trade-off between performance and how secure passwords
are stored. With 1 password hashing interval it takes less than 1 ms to hash a password,
while with 20000 it takes tens of ms.
For the full list of resolved issues check out
JIRA <https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20a...
and to download the release go to the Keycloak
homepage <http://www.keycloak.org/downloads>.
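
Added example, not part of the original messages and not Keycloak code: a hash stored under an older setting keeps that strength until the password is hashed again, so this sketch stores the digest and iteration count with each record and re-hashes on a successful login when the record is below the current policy. It assumes PBKDF2 as the derivation function (the thread does not name it); `StoredCredential`, `hash_password`, `verify_and_upgrade` and the record layout are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed policy for this sketch: 20000 is the default from the announcement;
# PBKDF2 and the SHA-512 digest are assumptions, not Keycloak settings.
POLICY_ITERATIONS = 20000
POLICY_DIGEST = "sha512"


@dataclass(frozen=True)
class StoredCredential:
    """Hypothetical record layout: the parameters travel with the hash."""
    digest: str
    iterations: int
    salt: bytes
    derived: bytes


def hash_password(password: str, digest: str = POLICY_DIGEST,
                  iterations: int = POLICY_ITERATIONS,
                  salt: Optional[bytes] = None) -> StoredCredential:
    """Derive a key with PBKDF2-HMAC; a fresh 16-byte salt unless one is given."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, iterations)
    return StoredCredential(digest, iterations, salt, derived)


def verify_and_upgrade(password: str,
                       stored: StoredCredential) -> Tuple[bool, StoredCredential]:
    """Return (ok, record_to_store).

    Verification uses the parameters saved with the record, so hashes made
    under an older default still check out. On success, a record weaker than
    the current policy is re-hashed while the plaintext is still in hand.
    """
    candidate = hashlib.pbkdf2_hmac(stored.digest, password.encode("utf-8"),
                                    stored.salt, stored.iterations)
    if not hmac.compare_digest(candidate, stored.derived):
        return False, stored
    outdated = (stored.iterations < POLICY_ITERATIONS
                or stored.digest != POLICY_DIGEST)
    upgraded = hash_password(password) if outdated else stored
    return True, upgraded
```
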