[keycloak-dev] Password storage and KDFs
Stian Thorgersen
stian at redhat.com
Wed Jan 22 10:24:01 EST 2014
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "Bruno Oliveira" <bruno at abstractj.org>, keycloak-dev at lists.jboss.org
> Sent: Wednesday, 22 January, 2014 3:13:52 PM
> Subject: Re: [keycloak-dev] Password storage and KDFs
>
>
>
> On 1/22/2014 10:05 AM, Stian Thorgersen wrote:
> > I think having to enter a master password to start the server could make it
> > quite difficult to manage, especially in clouds and provisioned
> > environments. It should be available as an option though.
> >
>
> Good point. This feature would be backburner then.
IMO we should never store the key in plain-text in the db (or json exports of db). Then we can provide alternatives to how to input the master password, which would be trade-off between convenience and security, as well as environment specific.
>
> > Properties file could be the default. We could create a random password and
> > store it in a file when a realm is created. There's ways to make sure the
> > file is secure (permissions, encrypted storage, etc.). It also means that
> > an attacker would have to gain access to both the server and the db.
> >
>
> Doesn't make much sense to me. If there's ways to secure this property
> file, why wouldn't you do the same for the database?
DB has sockets open and can be compromised through sql injections etc.
You can still encrypt the drive the db is stored on, but that would only help to prevent someone that gains direct access to the machine. It would still be exploitable through sql injections etc.
Local file systems are generally more secure (this is probably a stianism ;)), can be encrypted, etc.
>
> > Would we store the password in memory, the unencrypted private key, or
> > both? With a properties file you wouldn't need to store either in memory,
> > although it would probably become very expensive to decrypt the key all
> > the time.
> >
>
> private key has to be in memory unencrypted. I'd like to load up and
> keep the whole database in memory. Buts thats another discussion down
> the road.
>
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: "Bruno Oliveira" <bruno at abstractj.org>, keycloak-dev at lists.jboss.org
> >> Sent: Wednesday, 22 January, 2014 2:43:51 PM
> >> Subject: Re: [keycloak-dev] Password storage and KDFs
> >>
> >> Using a property file sort of defeats the purpose of encrypting the
> >> keys. The password must be stored in the human brain, IMO :) I'd like
> >> to store keys as text in the db. They are already stored in PEM format.
> >>
> >> On 1/22/2014 9:39 AM, Bruno Oliveira wrote:
> >>> We did something on AeroGear with property file (not perfect), but I
> >>> would
> >>> like to look at Keycloak before suggest anything. Maybe is possible
> >>> implement using the KeyStore from Java?
> >>>
> >>>
> >>
> >> --
> >> Bill Burke
> >> JBoss, a division of Red Hat
> >> http://bill.burkecentral.com
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
More information about the keycloak-dev
mailing list