[keycloak-user] Password Hashing
Stian Thorgersen
stian at redhat.com
Fri Aug 29 02:44:58 EDT 2014
That's the entire salt. We create a new salt for each password.
----- Original Message -----
> From: "Evan Thompson" <evanthomjd at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Thursday, 28 August, 2014 4:30:19 PM
> Subject: Re: [keycloak-user] Password Hashing
>
> Thanks for the quick response. I do have one follow up question. I was
> further examining the data modal and saw that in the Credential table there
> is a Salt column. I was wondering if that value accounts for the entire
> salt used when encrypting the password or is only part of it.
>
> Thank you once again,
>
> Cheers,
> Evan
>
>
> On Thu, Aug 28, 2014 at 12:40 AM, Stian Thorgersen <stian at redhat.com> wrote:
>
> > Keycloak uses PBKDF2 to hash passwords with a configurable number of
> > iterations.
> >
> > ----- Original Message -----
> > > From: "Evan Thompson" <evanthomjd at gmail.com>
> > > To: keycloak-user at lists.jboss.org
> > > Sent: Wednesday, 27 August, 2014 8:47:36 PM
> > > Subject: [keycloak-user] Password Hashing
> > >
> > > Howdy,
> > >
> > > I've been looking into Keycloak and have a question in regards to
> > password
> > > hashing. I came across a closed JIRA item that discusses supporting
> > bcrypt,
> > > but the comments just state that improved password hashing has already
> > been
> > > added. I guess my question is what exactly does Keycloak provide/support
> > in
> > > terms of password encryption and is it configurable.
> > >
> > > Cheers,
> > >
> > > Evan
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
More information about the keycloak-user
mailing list