[keycloak-dev] KEYCLOAK-1900 - Pluggable password hashing algorithm

Bruno Oliveira bruno at abstractj.org
Tue Nov 17 10:48:36 EST 2015


What you mean is migrate from badly broken legacies like:

MD5(salt + password)
SHA1(salt + password)

To BCrypt, Scrypt or PBKDF2? If yes, +1000000

On Tue, Nov 17, 2015 at 1:07 PM Kunal K <kunal at plivo.com> wrote:

> Hi all,
>
> I would like to start a discussion on how to implement -
> https://issues.jboss.org/browse/KEYCLOAK-1900
>
> I have a django web app and all of my users are in a postgres database
> with salted passwords hashed using SHA. I have been reading how I can use
> UserFederation to implement my own credential validation, but the drawback
> here would be that I'll have to keep maintaining my old database.
>
> For starters, I was thinking of replacing all occurrences of
> Pbkdf2PasswordEncoder with an equivalent SHAPasswordEncoder, which is a
> very crude approach and I'm not sure if it will even work. After a bit
> of reading I saw this ticket -
> https://issues.jboss.org/browse/KEYCLOAK-1900
>
> I would like to implement a custom hashing SPI and would love to get some
> pointers on how to go about it.
>
> Thanks
>
> --
> *KUNAL KERKAR *| PRODUCT ENGINEER
> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
> Web: www.plivo.com | Twitter: @plivo <http://twitter.com/plivo>, @tsudot
> <http://twitter.com/tsudot>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
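
One way the migration discussed in this thread can work, sketched in Python as an added example (it is not from either message and is not Keycloak's SPI): each stored credential records its algorithm, a verifier is looked up per algorithm, and a successful login against the legacy SHA1(salt + password) form is re-hashed with PBKDF2. The credential field names, the algorithm labels, the iteration count and the sample row are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PREFERRED = "pbkdf2-sha256"   # hypothetical algorithm label
ITERATIONS = 100_000          # assumed work factor, tune for your hardware

def _legacy_sha1(password, cred):
    # Legacy construction named in the thread: SHA1(salt + password)
    return hashlib.sha1(cred["salt"] + password.encode()).digest()

def _pbkdf2(password, cred):
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               cred["salt"], cred["iterations"])

# The "pluggable" part: one derivation function per stored algorithm label.
VERIFIERS = {"legacy-sha1": _legacy_sha1, PREFERRED: _pbkdf2}

def new_credential(password):
    """Hash a password with the preferred algorithm and a fresh random salt."""
    cred = {"algorithm": PREFERRED, "salt": os.urandom(16),
            "iterations": ITERATIONS}
    cred["hash"] = _pbkdf2(password, cred)
    return cred

def verify_and_upgrade(password, cred):
    """Return (ok, credential_to_store).

    On a successful login against a legacy or under-iterated credential,
    the returned credential is a fresh PBKDF2 one that should replace it.
    """
    derive = VERIFIERS.get(cred["algorithm"])
    if derive is None:
        return False, cred  # unknown algorithm: fail closed
    ok = hmac.compare_digest(derive(password, cred), cred["hash"])
    outdated = (cred["algorithm"] != PREFERRED
                or cred.get("iterations", 0) < ITERATIONS)
    if ok and outdated:
        cred = new_credential(password)  # plaintext is only available now
    return ok, cred

def imported_legacy_row(password, salt=b"constructed-salt"):
    """Constructed sample of a row imported from a legacy user table."""
    return {"algorithm": "legacy-sha1", "salt": salt,
            "hash": hashlib.sha1(salt + password.encode()).digest()}

if __name__ == "__main__":
    ok, cred = verify_and_upgrade("correct horse",
                                  imported_legacy_row("correct horse"))
    print(ok, cred["algorithm"])
```

Accounts that never log in keep their legacy hash under this scheme, so the legacy verifier cannot be removed until those credentials are reset or expired.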