I've tried to reproduce but wasn't able to. What I did was:
- Start 3.2.0
- During initial creation of admin user, I can see that it uses
iterations -1, so it defaults to 27500 iterations, which is the default
for Pbkdf2Sha256PasswordHashProviderFactory.
- I've manually changed the password policy in admin console and added
Hash Iterations to be 10000.
- After relogin of admin user, I can see that it uses configured 10000
iterations. New users are always created with 10000 iterations.

Marek

On 18/07/17 02:32, Sarp Kaya wrote:

Hello,
I know that this is an internal SPI but I believe it's broken.
I realised that the interface has been changed; now it's giving the iterations directly to
the "encode" method. The problem is it's always calling the encode method with iterations
valued -1 regardless of what you put in the UI. I realised that in Keycloak for
"Pbkdf2PasswordHashProvider" it's defaulting to 20000 iterations; but if you want
this to be higher or lower, it doesn't work either (since iterations will always be -1).
My question is, could you please check this? Also if you don't support "internal SPIs",
how are we going to use other encryption methods such as bcrypt or scrypt etc?