Posted to issues@karaf.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/03/06 06:03:00 UTC

[jira] [Commented] (KARAF-6925) Support stronger JAAS Encryption algorithms via spring-security-crypto

    [ https://issues.apache.org/jira/browse/KARAF-6925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17296450#comment-17296450 ] 

ASF GitHub Bot commented on KARAF-6925:
---------------------------------------

jbonofre commented on pull request #1259:
URL: https://github.com/apache/karaf/pull/1259#issuecomment-791880212


   As it's an optional JAAS bundle, it makes sense to keep it as a feature (no need to use private package as it's not part of "core" JAAS). LGTM.




> Support stronger JAAS Encryption algorithms via spring-security-crypto
> ----------------------------------------------------------------------
>
>                 Key: KARAF-6925
>                 URL: https://issues.apache.org/jira/browse/KARAF-6925
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf
>            Reporter: Colm O hEigeartaigh
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>              Labels: encryption
>
> Right now, for JAAS password encryption, we only support basic digest algorithms, or else salted algorithms via the jasypt provider. However, these are no longer considered secure; instead, best practice is to use algorithms like scrypt, bcrypt, argon2, etc.
> The Spring Security Crypto project has password encoders for all of these algorithms, and has minimal dependencies, so we can leverage this to support a more modern encryption alternative.


