[keycloak-dev] KEYCLOAK-1900 - Pluggable password hashing algorithm

Bruno Oliveira bruno at abstractj.org
Tue Nov 17 10:33:38 EST 2015


By salted passwords using SHA1, do you mean something like:

hash(salt + password) ?

If yes, hashes like SHA, for example, were designed to be fast and can be
broken with much less computational power than BCrypt, PBKDF2 or Scrypt.


On Tue, Nov 17, 2015 at 1:07 PM Kunal K <kunal at plivo.com> wrote:

> Hi all,
>
> I would like to start a discussion on how to implement -
> https://issues.jboss.org/browse/KEYCLOAK-1900
>
> I have a django web app and all of my users are in a postgres database
> with salted passwords hashed using SHA. I have been reading how I can use
> UserFederation to implement my own credential validation, but the drawback
> here would be that I'll have to keep maintaining my old database.
>
> For starters, I was thinking of replacing all occurrences of
> Pbkdf2PasswordEncoder with an equivalent SHAPasswordEncoder, which is a
> very crude approach and I'm not sure if it will even work. After some bit
> of reading I saw this ticket -
> https://issues.jboss.org/browse/KEYCLOAK-1900
>
> I would like to implement a custom hashing SPI and would love to get some
> pointers on how to go about it.
>
> Thanks
>
> --
> *KUNAL KERKAR *| PRODUCT ENGINEER
> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
> Web: www.plivo.com | Twitter: @plivo <http://twitter.com/plivo>, @tsudot
> <http://twitter.com/tsudot>
>
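Added example, not part of the original thread and not Keycloak code: a sketch of verifying imported hash(salt + password) records and re-hashing them with PBKDF2 at the next successful login, so the fast hashes are phased out without keeping the old database. The "algorithm$..." record layout, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # illustrative work factor; tune for your hardware


def _legacy_sha1(salt: str, password: str) -> str:
    # The fast construction from the thread: hash(salt + password)
    return hashlib.sha1((salt + password).encode()).hexdigest()


def _pbkdf2(salt: bytes, password: str, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def encode_pbkdf2(password: str) -> str:
    # Fresh random salt per credential; the record carries its own parameters
    salt = os.urandom(16)
    digest = _pbkdf2(salt, password, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest}"


def verify_and_upgrade(password: str, stored: str):
    """Return (ok, new_record); new_record is set only when a legacy hash verified."""
    algorithm, _, rest = stored.partition("$")
    if algorithm == "sha1":
        salt, _, expected = rest.partition("$")
        ok = hmac.compare_digest(_legacy_sha1(salt, password), expected)
        # Re-hash with the slow KDF while the plaintext is available at login
        return ok, (encode_pbkdf2(password) if ok else None)
    if algorithm == "pbkdf2_sha256":
        iterations, salt_hex, expected = rest.split("$")
        actual = _pbkdf2(bytes.fromhex(salt_hex), password, int(iterations))
        return hmac.compare_digest(actual, expected), None
    return False, None  # unknown algorithm tag: reject


# Constructed sample record in the assumed "sha1$<salt>$<hex>" layout
LEGACY_RECORD = "sha1$" + "a1b2c3" + "$" + _legacy_sha1("a1b2c3", "correct horse")
```

The caller replaces the stored record with new_record whenever it is not None; accounts that never log in again keep the fast hash and need a separate policy, such as a forced reset.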