There are 3 places this would be relevant: session codes (used during
authentication), OpenID Connect and SAML. Only SAML currently supports
configuring to SHA512. It's not currently on the road-map to add for the
others, but feel free to create a JIRA issue to request this.
On 30 May 2016 at 02:06, Lange, Christian <christian.lange(a)atos.net> wrote:
Hello Stian, (Hello Developers,)
I wonder if you think about switching from SHA256 as the default hash
algorithm to SHA512.
Nowadays most of the servers are equipped with 64-bit CPUs and SHA512 can
actually benefit from that architecture (under good conditions 1/3x faster
than SHA256).
Correct me if I'm wrong but as far as I know it's not possible to select
the algorithms without some custom code changes.
Best regards,
Christian
________________________________________
From: keycloak-user-bounces(a)lists.jboss.org [
keycloak-user-bounces(a)lists.jboss.org] on behalf of Stian
Thorgersen [sthorger(a)redhat.com]
Sent: Thursday, 26 May 2016 21:13
To: keycloak-user; keycloak-dev
Subject: [keycloak-user] Keycloak 1.9.5.Final Released
Keycloak 1.9.5.Final has just been released. There's one change worth
highlighting in this release. We've increased the default password hashing
intervals to 20000. Yes, you read that right. We've actually recommended
using 20000 for a while now, but the default was only 1. This is a clear
trade-off between performance and how secure passwords are stored. With 1
password hashing interval it takes less than 1 ms to hash a password, while
with 20000 it takes tens of ms.
For the full list of resolved issues check out JIRA<
https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...
and to download the release go to the Keycloak homepage<
http://www.keycloak.org/downloads>.
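
An added example, not part of the original thread and not Keycloak's code: a sketch of what a jump in the default from 1 to 20000 means for records already stored at the old count, which can be upgraded on the next successful login, plus a timer for the cost trade-off. It assumes PBKDF2-HMAC-SHA256 from Python's hashlib; the record format and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import time

POLICY_ITERATIONS = 20000  # default named in the release note
ALGORITHM = "sha256"       # assumption: the thread does not name the PBKDF2 digest


def hash_password(password, iterations=POLICY_ITERATIONS, salt=None):
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return "%s$%d$%s$%s" % (ALGORITHM, iterations, salt.hex(), dk.hex())


def verify_password(password, record):
    """Return (ok, needs_rehash); needs_rehash flags valid records below policy."""
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    iterations = int(iterations)
    dk = hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"),
                             bytes.fromhex(salt_hex), iterations)
    ok = hmac.compare_digest(dk, bytes.fromhex(hash_hex))  # constant-time compare
    needs_rehash = ok and (iterations < POLICY_ITERATIONS or algorithm != ALGORITHM)
    return ok, needs_rehash


def login(password, record):
    """Verify, and upgrade an under-policy record on successful login."""
    ok, needs_rehash = verify_password(password, record)
    if ok and needs_rehash:
        record = hash_password(password)  # fresh salt, current policy
    return ok, record


def time_hash(iterations, rounds=5):
    """Median wall-clock seconds for one hash at the given iteration count."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        hash_password("constructed-sample-password", iterations)
        samples.append(time.perf_counter() - start)
    return sorted(samples)[len(samples) // 2]


if __name__ == "__main__":
    for n in (1, POLICY_ITERATIONS):
        print("%6d iterations: %.3f ms" % (n, time_hash(n) * 1000))
```

Records hashed under the old default can only be upgraded when the plaintext is available, which is why the rehash happens inside the login path.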