You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Kim Haase (Closed) (JIRA)" <ji...@apache.org> on 2012/04/02 17:47:24 UTC

[jira] [Closed] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

     [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase closed DERBY-5550.
----------------------------


Changes have appeared in Latest Alpha Manuals.
                
> Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations
> --------------------------------------------------------------------------------------------
>
>                 Key: DERBY-5550
>                 URL: https://issues.apache.org/jira/browse/DERBY-5550
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.9.0.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Kim Haase
>             Fix For: 10.9.0.0
>
>         Attachments: DERBY-5550-2.diff, DERBY-5550-2.zip, DERBY-5550.diff, DERBY-5550.stat, DERBY-5550.zip
>
>
> DERBY-5539 introduced two new properties that control how BUILTIN stores credentials:
> - derby.authentication.builtin.saltLength (default: 16)
> This property specifies the number of bytes of random salt that will be added to the credentials before hashing them. (Purpose of the property: Make it infeasible to construct rainbow tables.)
> - derby.authentication.builtin.iterations (default: 1000, minimum: 1)
> This property specifies the number of times to apply the hash function (which is specified by derby.authentication.builtin.algorithm) on the credentials. (Purpose of the property: Slow down attackers as they'll need to spend more time calculating hashes.)
> Both the properties have effect only if BUILTIN authentication is enabled and derby.authentication.builtin.algorithm has a non-null value.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira