[jboss-jira] [JBoss JIRA] (ELY-867) Masked password support cryptography usage
Zoran Regvart (JIRA)
issues at jboss.org
Wed Jan 11 08:08:00 EST 2017
Zoran Regvart created ELY-867:
---------------------------------
Summary: Masked password support cryptography usage
Key: ELY-867
URL: https://issues.jboss.org/browse/ELY-867
Project: WildFly Elytron
Issue Type: Bug
Components: Passwords
Reporter: Zoran Regvart
Assignee: Darran Lofthouse
I encountered couple of issues with cryptography used for password masking:
* implementation of masked passwords drops initialization vector (IV) randomly generated by the {{javax.crypto.Cipher}} which makes unmasking (decryption) impossible.
* the implementation is using the same algorithm for key derivation and encryption, which is not possible as there is no encryption support in {{javax.crypto.Cipher}} for PKDBF2 family of algorithms, they are supported only in {{javax.crypto.SecretKeyFactory}}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list