[OAK-697] Security: support for PBKDF2 password hashing - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.7
Component/s: core
Labels:
None

Description

Currently, passwords are hashed using a configurable algorithm, salt, and iteration. This is fine, but the standard PBKDF2 is not supported currently, as we use our own algorithm to combine the salt and password and then iterate.

I would like to add support for the PBKDF2 standard, which is used in WPA, WPA2, iOS, Android, and so on. See also:

http://en.wikipedia.org/wiki/PBKDF2
http://tools.ietf.org/html/rfc2898

The implementation of the most common combination, PBKDF2 with HMAC SHA-1, is already included in Java 6, so we would just have to make use of it. Unfortunately, SHA-256 is not supported yet as far as I see.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

oak-697.patch
13/Mar/13 14:38
6 kB
Thomas Mueller

Issue Links

is related to

OAK-7778 PasswordUtil#isPlainTextPassword doesn't validate PBKDF2 scheme

Closed

Activity

People

Assignee:: Thomas Mueller

Reporter:: Thomas Mueller

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Mar/13 14:33

Updated:: 25/Sep/18 06:51

Resolved:: 10/Apr/13 12:53