[jboss-jira] [JBoss JIRA] (ELY-867) Masked password support cryptography usage
Darran Lofthouse (JIRA)
issues at jboss.org
Sun Aug 20 06:39:10 EDT 2017
[ https://issues.jboss.org/browse/ELY-867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse reassigned ELY-867:
------------------------------------
Assignee: (was: Darran Lofthouse)
> Masked password support cryptography usage
> ------------------------------------------
>
> Key: ELY-867
> URL: https://issues.jboss.org/browse/ELY-867
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Passwords
> Reporter: Zoran Regvart
>
> I encountered couple of issues with cryptography used for password masking:
> * implementation of masked passwords drops initialization vector (IV) randomly generated by the {{javax.crypto.Cipher}} which makes unmasking (decryption) impossible.
> * the implementation is using the same algorithm for key derivation and encryption, which is not possible as there is no encryption support in {{javax.crypto.Cipher}} for PKDBF2 family of algorithms, they are supported only in {{javax.crypto.SecretKeyFactory}}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list