[keycloak-dev] profile results
Bill Burke
bburke at redhat.com
Tue Jun 3 09:22:27 EDT 2014
On 6/3/2014 9:14 AM, Bruno Oliveira wrote:
> It pretty much depends on which machine the system will run on; maybe
> making password salting configurable is a good idea.
>
I put in a JIRA for it. https://issues.jboss.org/browse/KEYCLOAK-508
> The number of iterations pretty much depends on the computational
> resources, you can increase to 100.000.000 for example and make
> the system vulnerable to DDoS.
>
With the previous default of 20000 iterations it was *already*
vulnerable to DDoS.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
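
Added example, not part of the original message or of Keycloak's code: a capacity estimate for the trade-off discussed in this thread, showing how the iteration count sets a hard ceiling on password checks per second. PBKDF2-HMAC-SHA1, the 4-core default, the 50 ms budget, and all function names are assumptions made for illustration.

```python
import hashlib
import os
import time


def seconds_per_hash(iterations, samples=3):
    """Median wall-clock cost of one password check at this iteration count."""
    salt = os.urandom(16)  # constructed sample salt
    timings = []
    for _ in range(samples):
        start = time.perf_counter()
        # Assumption: PBKDF2-HMAC-SHA1 stands in for the server's hash.
        hashlib.pbkdf2_hmac("sha1", b"constructed-password", salt, iterations)
        timings.append(time.perf_counter() - start)
    return sorted(timings)[len(timings) // 2]


def logins_per_second(sec_per_hash, cores):
    """Upper bound on password checks per second if every core only hashes."""
    return cores / sec_per_hash


def iterations_for_budget(sec_per_hash, measured_iterations, budget_seconds):
    """Scale the iteration count linearly to fit a per-login CPU budget."""
    return max(1, int(measured_iterations * budget_seconds / sec_per_hash))


def report(iterations, cores=4):
    """Measure one iteration count and derive the login ceiling for `cores`."""
    cost = seconds_per_hash(iterations)
    return {
        "iterations": iterations,
        "ms_per_login": round(cost * 1000, 2),
        "max_logins_per_s": round(logins_per_second(cost, cores), 1),
    }


if __name__ == "__main__":
    for n in (1, 20000):
        print(report(n))
    base = seconds_per_hash(20000)
    print("iterations for a 50 ms budget:",
          iterations_for_budget(base, 20000, 0.050))
```

Any unauthenticated request rate above `max_logins_per_s` saturates the CPU, so the measured ceiling is the figure to compare against login rate limits on the target hardware.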