DERBY-5539 introduced two new properties that control how BUILTIN stores credentials:
- derby.authentication.builtin.saltLength (default: 16)
This property specifies the number of bytes of random salt that will be added to the credentials before hashing them. (Purpose of the property: Make it infeasible to construct rainbow tables.)
- derby.authentication.builtin.iterations (default: 1000, minimum: 1)
This property specifies the number of times to apply the hash function (which is specified by derby.authentication.builtin.algorithm) to the credentials. (Purpose of the property: Slow down attackers as they'll need to spend more time calculating hashes.)
Both properties take effect only if BUILTIN authentication is enabled and derby.authentication.builtin.algorithm has a non-null value.
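
The effect of the two settings can be seen in a small salted, iterated hash. This is an added illustration, not Derby's code: the page does not say how Derby combines the salt with the credentials or how it encodes the stored value, so the construction, the `sha256` choice and all function names below are assumptions.

```python
import hashlib
import hmac
import os

SALT_LENGTH = 16      # same as the saltLength default above
ITERATIONS = 1000     # same as the iterations default above
ALGORITHM = "sha256"  # assumed; the page does not name an algorithm

def stretch(password, salt, iterations=ITERATIONS, algorithm=ALGORITHM):
    """Hash salt+password, then re-hash the digest until `iterations` rounds are done."""
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    digest = salt + password.encode("utf-8")
    for _ in range(iterations):
        digest = hashlib.new(algorithm, digest).digest()
    return digest

def store(password, salt_length=SALT_LENGTH, iterations=ITERATIONS):
    """Build the record kept for a user: fresh random salt, parameters, hash."""
    salt = os.urandom(salt_length)
    return {"salt": salt, "iterations": iterations,
            "hash": stretch(password, salt, iterations)}

def verify(password, record):
    """Recompute with the stored salt and iteration count, compare in constant time."""
    candidate = stretch(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])

def table_lookup(record, wordlist, iterations=ITERATIONS):
    """Model a table precomputed without salt; return the matching password, if any."""
    table = {stretch(word, b"", iterations): word for word in wordlist}
    return table.get(record["hash"])

if __name__ == "__main__":
    words = ["letmein", "derby123", "password"]  # constructed sample wordlist
    unsalted = store("derby123", salt_length=0)
    salted = store("derby123")
    print("unsalted record found in table:", table_lookup(unsalted, words))
    print("salted record found in table:  ", table_lookup(salted, words))
    print("verify correct / wrong:", verify("derby123", salted), verify("nope", salted))
```

The salt and iteration count are kept with the hash so that `verify` can repeat the same computation; the cost of each guess grows linearly with the iteration count.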