[jbossseam-issues] [JBoss JIRA] Assigned: (JBSEAM-3763) Make it possible to specify iteration count for salt+password hashing

Make it possible to specify iteration count for salt+password hashing --------------------------------------------------------------------- Key: JBSEAM-3763 URL: https://jira.jboss.org/jira/browse/JBSEAM-3763 Project: Seam Issue Type: Feature Request Components: Security Environment: Seam 2.1 Reporter: Nikolay Elenkov Assignee: Shane Bryzak The current default implementation of password hashing hashes the salt and password only one time. Since having a number of iterations when generating the hash value is a generally accepted security practice (Cf. PKCS#5), it would be nice if one could specify the iteration count as a parameter to UserPassword. Suggestion: Add an 'iterationCount' attribute to the UserPassword annotation. Example usage: class User { @UserPassword(hash="sha1", iterationCount=1000) String getPasswordHash() {..} }