[keycloak-user] Keycloak 3.2.0 issue with PasswordHashProvider SPI
Marek Posolda
mposolda at redhat.com
Tue Jul 18 06:06:33 EDT 2017
I've tried to reproduce this but wasn't able to. What I did was:
- Start 3.2.0
- During initial creation of the admin user, I can see that it uses
iterations -1, so it defaults to 27500 iterations, which is the default
for Pbkdf2Sha256PasswordHashProviderFactory.
- I've manually changed the password policy in the admin console and added
Hash Iterations to be 10000.
- After re-login of the admin user, I can see that it uses the configured 10000
iterations. New users are always created with 10000 iterations.
Marek
On 18/07/17 02:32, Sarp Kaya wrote:
> Hello,
>
> I know that this is an internal SPI but I believe it’s broken.
>
> I realised that the interface has been changed; now it’s giving the iterations directly to the “encode” method. The problem is it’s always calling the encode method with iterations valued -1 regardless of what you put in the UI. I realised that in Keycloak for “Pbkdf2PasswordHashProvider” it’s defaulting to 20000 iterations; but if you want this to be higher or lower, it doesn’t work either (since iterations will always be -1).
>
> My question is, could you please check this? Also if you don’t support “internal SPIs” how are we going to use other encryption methods such as bcrypt or scrypt etc?
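The behaviour discussed in this thread (an iteration count of -1 falling back to the provider default, and a later policy value taking effect after the user logs in again) can be sketched as follows; this is an added example, not Keycloak source and not code from either poster. The class and method names, the 512-bit derived key length, the 16-byte salt and the re-hash-on-login step are assumptions made for illustration; only the values -1, 27500 and 10000 come from the thread.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Illustration only: hypothetical names, not the Keycloak PasswordHashProvider SPI.
public class IterationFallbackDemo {
    static final int DEFAULT_ITERATIONS = 27500; // default quoted in the thread

    // The iteration count is stored next to salt and hash so old hashes stay verifiable.
    static final class Credential {
        byte[] salt; byte[] hash; int iterations;
    }

    // -1 means no Hash Iterations policy is configured: use the default.
    static int effectiveIterations(int policyIterations) {
        return policyIterations == -1 ? DEFAULT_ITERATIONS : policyIterations;
    }

    static byte[] pbkdf2(String password, byte[] salt, int iterations) throws Exception {
        // 512-bit output is an assumption for this sketch.
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, 512);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static Credential encode(String password, int policyIterations) throws Exception {
        Credential c = new Credential();
        c.salt = new byte[16];
        new SecureRandom().nextBytes(c.salt);
        c.iterations = effectiveIterations(policyIterations);
        c.hash = pbkdf2(password, c.salt, c.iterations);
        return c;
    }

    // Verify with the stored count, then re-hash if it no longer matches the policy.
    // Returns null on a wrong password.
    static Credential login(String password, Credential stored, int policyIterations) throws Exception {
        byte[] candidate = pbkdf2(password, stored.salt, stored.iterations);
        if (!MessageDigest.isEqual(candidate, stored.hash)) return null;
        return stored.iterations == effectiveIterations(policyIterations)
                ? stored : encode(password, policyIterations);
    }

    public static void main(String[] args) throws Exception {
        String pw = "constructed-sample-password"; // constructed sample value
        Credential admin = encode(pw, -1);         // no policy set at creation
        System.out.println("created with iterations = " + admin.iterations);
        admin = login(pw, admin, 10000);           // policy changed, user logs in again
        System.out.println("after re-login iterations = " + admin.iterations);
    }
}
```

Checking the stored `iterations` value on a credential before and after a policy change is a quick way to confirm whether a custom provider is receiving the configured count or only the -1 sentinel.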