[DERBY-5550] Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 10.9.1.0
Fix Version/s: 10.9.1.0
Component/s: Documentation
Labels:
None

Description

~~DERBY-5539~~ introduced two new properties that control how BUILTIN stores credentials:

derby.authentication.builtin.saltLength (default: 16)

This property specifies the number of bytes of random salt that will be added to the credentials before hashing them. (Purpose of the property: Make it infeasible to construct rainbow tables.)

derby.authentication.builtin.iterations (default: 1000, minimum: 1)

This property specifies the number of times to apply the hash function (which is specified by derby.authentication.builtin.algorithm) on the credentials. (Purpose of the property: Slow down attackers as they'll need to spend more time calculating hashes.)

Both the properties have effect only if BUILTIN authentication is enabled and derby.authentication.builtin.algorithm has a non-null value.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

DERBY-5550.diff
26/Mar/12 18:44
10 kB
Camilla Haase
DERBY-5550.stat
26/Mar/12 18:44
0.2 kB
Camilla Haase
DERBY-5550.zip
26/Mar/12 18:44
18 kB
Camilla Haase
DERBY-5550-2.diff
27/Mar/12 14:06
10 kB
Camilla Haase
DERBY-5550-2.zip
27/Mar/12 14:06
18 kB
Camilla Haase

Issue Links

is part of

DERBY-5539 Harden password hashing in the builtin authentication service

Closed

Activity

People

Assignee:: Camilla Haase

Reporter:: Knut Anders Hatlen

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 21/Dec/11 11:01

Updated:: 02/Apr/12 15:46

Resolved:: 27/Mar/12 17:24