[jboss-jira] [JBoss JIRA] (ELY-302) Add SHA-512-256 to list of algorithms for digest passwords and SASL digest

Jan Kalina (JIRA) issues at jboss.org
Sat Nov 4 05:28:00 EDT 2017 

    [ https://issues.jboss.org/browse/ELY-302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485905#comment-13485905 ] 

Jan Kalina edited comment on ELY-302 at 11/4/17 5:27 AM:
---------------------------------------------------------

SHA-512-256 cannot be implemented using SHA-512 - truncation is not sufficient - the initialization vector needs to be different too, which MessageDigest API does not allow - only by extending JDK-specific class it would be possible...

I see two possibilities:
* to rely on MessageDigest SHA-512-256 provided by bouncycastle of other library (when not present any SHA-512-256 provider, it would be unsupported)
* to add custom implementation of SHA-512-256 as part of elytron - will try...


was (Author: honza889):
SHA-512-256 cannot be implemented using SHA-512 - the initialization vector would have to be different, which MessageDigest API does not allow - sun-specific SHA5 class would have to be extended.

There are two possibilities:
* to rely on MessageDigest SHA-512-256 provided by bouncycastle of other library (when not present any SHA-512-256 provider, it would be unsupported)
* to add custom implementation of SHA-512-256 as part of elytron - will try...

> Add SHA-512-256 to list of algorithms for digest passwords and SASL digest
> --------------------------------------------------------------------------
>
>                 Key: ELY-302
>                 URL: https://issues.jboss.org/browse/ELY-302
>             Project: WildFly Elytron
>          Issue Type: Enhancement
>          Components: Passwords, SASL
>            Reporter: David Lloyd
>            Assignee: Jan Kalina
>
> [RFC 7616|http://www.rfc-editor.org/rfc/rfc7616.txt] was released, indicating that SHA-512-256 is a supported algorithm for digest HTTP mechanisms.  We need support for that algorithm as a password.  We also then should add a corresponding SASL variant to the DIGEST suite.
> There is no MessageDigest for SHA-512-256.  This can be accomplished by truncating the output of SHA-512 to 256 bits (32 bytes).  A wrapper MessageDigest could be created, or the ability to arbitrarily truncate the digest could be added to the DIGEST mechanism.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list