Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.8
    • Fix Version/s: 1.2.0-M1
    • Component/s: core
    • Labels:
      None

      Description

      In PasswordEncoder (1.1.X) / Encryptor (1.2.X) class the salt mechanism configuration is hardcoded.
      If the LDAP server doesn't use the same salt mechanism configuration, the password can't be matched during authentication.

      For example SSHA is defined by RFC 2307 as:

      digester.setIterations(1);
      digester.setSaltSizeBytes(8);
      digester.setInvertPositionOfPlainSaltInEncryptionResults(true);
      digester.setInvertPositionOfSaltInMessageBeforeDigesting(true);
      digester.setUseLenientSaltSizeCheck(true);
      

      See Jasypt's javadocs for more details.

      Encryptor can read from global configuration parameters so that you can configure some aspect of the way how ciphered values (not only password values in 1.2.X).
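
The SSHA layout that the digester settings above describe, written with JDK classes only so the effect of each setting is visible. This is an added example, not code from Syncope or Jasypt; the class name `SshaDemo`, the single `saltAfterDigest` switch (standing in for both "invert position" flags) and the sample password are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SshaDemo {
    static final int SHA1_LEN = 20; // SHA-1 output size in bytes

    // Stored value = "{SSHA}" + base64( SHA1(password || salt) || salt ), one iteration.
    static String encode(String password, byte[] salt) throws Exception {
        byte[] digest = sha1(password.getBytes(StandardCharsets.UTF_8), salt);
        byte[] out = Arrays.copyOf(digest, SHA1_LEN + salt.length);
        System.arraycopy(salt, 0, out, SHA1_LEN, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }

    // saltAfterDigest=true reads the value with both positions inverted (salt last);
    // false reads it salt-first. The salt length is taken as whatever remains next to
    // the 20 digest bytes, which is what a lenient salt size check allows.
    static boolean matches(String password, String stored, boolean saltAfterDigest) throws Exception {
        if (!stored.startsWith("{SSHA}")) return false;
        byte[] raw;
        try { raw = Base64.getDecoder().decode(stored.substring(6)); }
        catch (IllegalArgumentException e) { return false; } // malformed base64
        if (raw.length <= SHA1_LEN) return false;             // no salt present
        int saltLen = raw.length - SHA1_LEN;
        byte[] salt = saltAfterDigest ? Arrays.copyOfRange(raw, SHA1_LEN, raw.length)
                                      : Arrays.copyOfRange(raw, 0, saltLen);
        byte[] digest = saltAfterDigest ? Arrays.copyOfRange(raw, 0, SHA1_LEN)
                                        : Arrays.copyOfRange(raw, saltLen, raw.length);
        byte[] pw = password.getBytes(StandardCharsets.UTF_8);
        byte[] expected = saltAfterDigest ? sha1(pw, salt) : sha1(salt, pw);
        return MessageDigest.isEqual(expected, digest);      // constant-time comparison
    }

    static byte[] sha1(byte[] first, byte[] second) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(first);
        return md.digest(second);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt8 = new byte[8], salt4 = new byte[4]; // constructed sample salts
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt8);
        rnd.nextBytes(salt4);
        System.out.println(matches("s3cret", encode("s3cret", salt8), true));  // salt-last reader, 8-byte salt
        System.out.println(matches("s3cret", encode("s3cret", salt4), true));  // salt-last reader, 4-byte salt
        System.out.println(matches("s3cret", encode("s3cret", salt8), false)); // salt-first reader, same value
    }
}
```

A reader configured salt-first slices the same bytes at the wrong offset and hashes in the wrong order, so a correct password fails to match; that is the authentication failure the description reports when the two sides disagree on salt configuration.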

            People

            • Assignee: ilgrosso Francesco Chicchiriccò
            • Reporter: diorcety Yann Diorcet