  1. Jackrabbit Oak
  2. OAK-697

Security: support for PBKDF2 password hashing

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.7
    • Component/s: core
    • Labels:
      None

      Description

      Currently, passwords are hashed using a configurable algorithm, salt, and iteration. This is fine, but the standard PBKDF2 is not supported currently, as we use our own algorithm to combine the salt and password and then iterate.

      I would like to add support for the PBKDF2 standard, which is used in WPA, WPA2, iOS, Android, and so on. See also:

      http://en.wikipedia.org/wiki/PBKDF2
      http://tools.ietf.org/html/rfc2898

      The implementation of the most common combination, PBKDF2 with HMAC SHA-1, is already included in Java 6, so we would just have to make use of it. Unfortunately, SHA-256 is not supported yet as far as I see.

        Attachments

        1. oak-697.patch
          6 kB
          Thomas Mueller

              People

              • Assignee:
                thomasm Thomas Mueller
                Reporter:
                thomasm Thomas Mueller