Derby
  1. Derby
  2. DERBY-5550

Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 10.9.1.0
    • Fix Version/s: 10.9.1.0
    • Component/s: Documentation
    • Labels:
      None

      Description

      DERBY-5539 introduced two new properties that control how BUILTIN stores credentials:

      • derby.authentication.builtin.saltLength (default: 16)

      This property specifies the number of bytes of random salt that will be added to the credentials before hashing them. (Purpose of the property: Make it infeasible to construct rainbow tables.)

      • derby.authentication.builtin.iterations (default: 1000, minimum: 1)

      This property specifies the number of times to apply the hash function (which is specified by derby.authentication.builtin.algorithm) on the credentials. (Purpose of the property: Slow down attackers as they'll need to spend more time calculating hashes.)

      Both the properties have effect only if BUILTIN authentication is enabled and derby.authentication.builtin.algorithm has a non-null value.

      1. DERBY-5550-2.zip
        18 kB
        Kim Haase
      2. DERBY-5550-2.diff
        10 kB
        Kim Haase
      3. DERBY-5550.zip
        18 kB
        Kim Haase
      4. DERBY-5550.stat
        0.2 kB
        Kim Haase
      5. DERBY-5550.diff
        10 kB
        Kim Haase

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Kim Haase
              Reporter:
              Knut Anders Hatlen
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development