[SYNCOPE-513] Make value encryption parametric - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.1.8
Fix Version/s: 1.2.0-M1
Component/s: core
Labels:
None

Description

In PasswordEncoder (1.1.X) / Encryptor (1.2.X) class the salt mechanism configuration is hardcoded
If the LDAP server doesn't use the same salt mechanism configuration, the password can't be matched during authentication.

For example SSHA is defined by RFC 2307 as:

digester.setIterations(1);
digester.setSaltSizeBytes(8);
digester.setInvertPositionOfPlainSaltInEncryptionResults(true);
digester.setInvertPositionOfSaltInMessageBeforeDigesting(true);
digester.setUseLenientSaltSizeCheck(true);

See Jasypt's javadocs for more details.

Encryptor can read from global configuration parameters so that you can configure some aspect of the way how ciphered values (not only password values in 1.2.X).

Attachments

Activity

People

Assignee:: Francesco Chicchiriccò

Reporter:: Yann Diorcet

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 20/Jun/14 14:56

Updated:: 16/Feb/15 10:46

Resolved:: 27/Jun/14 09:29