Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-5550

Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.9.1.0
    • Fix Version/s: 10.9.1.0
    • Component/s: Documentation
    • Labels:
      None

      Description

      DERBY-5539 introduced two new properties that control how BUILTIN stores credentials:

      • derby.authentication.builtin.saltLength (default: 16)

      This property specifies the number of bytes of random salt that will be added to the credentials before hashing them. (Purpose of the property: Make it infeasible to construct rainbow tables.)

      • derby.authentication.builtin.iterations (default: 1000, minimum: 1)

      This property specifies the number of times to apply the hash function (which is specified by derby.authentication.builtin.algorithm) on the credentials. (Purpose of the property: Slow down attackers as they'll need to spend more time calculating hashes.)

      Both the properties have effect only if BUILTIN authentication is enabled and derby.authentication.builtin.algorithm has a non-null value.

        Attachments

        1. DERBY-5550-2.zip
          18 kB
          Kim Haase
        2. DERBY-5550-2.diff
          10 kB
          Kim Haase
        3. DERBY-5550.zip
          18 kB
          Kim Haase
        4. DERBY-5550.stat
          0.2 kB
          Kim Haase
        5. DERBY-5550.diff
          10 kB
          Kim Haase

          Issue Links

            Activity

              People

              • Assignee:
                chaase3 Kim Haase
                Reporter:
                knutanders Knut Anders Hatlen
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: