[jboss-jira] [JBoss JIRA] (ELY-867) Masked password support cryptography usage
Farah Juma (Jira)
issues at jboss.org
Mon Jul 15 14:59:00 EDT 2019
[ https://issues.jboss.org/browse/ELY-867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Farah Juma updated ELY-867:
---------------------------
Fix Version/s: 1.10.0.CR3
> Masked password support cryptography usage
> ------------------------------------------
>
> Key: ELY-867
> URL: https://issues.jboss.org/browse/ELY-867
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Passwords
> Reporter: Zoran Regvart
> Assignee: Ashley Abdel-Sayed
> Priority: Major
> Fix For: 1.10.0.CR3
>
>
> I encountered couple of issues with cryptography used for password masking:
> * implementation of masked passwords drops initialization vector (IV) randomly generated by the {{javax.crypto.Cipher}} which makes unmasking (decryption) impossible.
> * the implementation is using the same algorithm for key derivation and encryption, which is not possible as there is no encryption support in {{javax.crypto.Cipher}} for PKDBF2 family of algorithms, they are supported only in {{javax.crypto.SecretKeyFactory}}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list