[jboss-jira] [JBoss JIRA] (ELY-867) Masked password support cryptography usage
Jan Kalina (JIRA)
issues at jboss.org
Wed May 2 06:01:01 EDT 2018
[ https://issues.jboss.org/browse/ELY-867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kalina reassigned ELY-867:
------------------------------
Assignee: Jan Kalina
> Masked password support cryptography usage
> ------------------------------------------
>
> Key: ELY-867
> URL: https://issues.jboss.org/browse/ELY-867
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Passwords
> Reporter: Zoran Regvart
> Assignee: Jan Kalina
>
> I encountered couple of issues with cryptography used for password masking:
> * implementation of masked passwords drops initialization vector (IV) randomly generated by the {{javax.crypto.Cipher}} which makes unmasking (decryption) impossible.
> * the implementation is using the same algorithm for key derivation and encryption, which is not possible as there is no encryption support in {{javax.crypto.Cipher}} for PKDBF2 family of algorithms, they are supported only in {{javax.crypto.SecretKeyFactory}}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list