You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@syncope.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2014/06/25 15:51:25 UTC

[jira] [Commented] (SYNCOPE-513) Make value encryption parametric

    [ https://issues.apache.org/jira/browse/SYNCOPE-513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14043460#comment-14043460 ] 

Colm O hEigeartaigh commented on SYNCOPE-513:
---------------------------------------------


I can take this on, unless someone else wants to fix it?

Colm.

> Make value encryption parametric
> --------------------------------
>
>                 Key: SYNCOPE-513
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-513
>             Project: Syncope
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 1.1.8
>            Reporter: Yann Diorcet
>             Fix For: 1.2.0
>
>
> In {{PasswordEncoder}} (1.1.X) / {{Encryptor}} (1.2.X) class the salt mechanism configuration is hardcoded
> If the LDAP server doesn't use the same salt mechanism configuration, the password can't be matched during authentication.
> For example SSHA digest from OpenDJ uses a suffixed 8 bytes salt (in hash and plan)
> Original:
> {code}
>             digester.setIterations(100000);
>             digester.setSaltSizeBytes(16);
> {code}
> Modified for OpenDJ:
> {code}
>             digester.setIterations(1);
>             digester.setSaltSizeBytes(8);
>             digester.setInvertPositionOfPlainSaltInEncryptionResults(true);
>             digester.setInvertPositionOfSaltInMessageBeforeDigesting(true);
> {code}
> {{Encryptor}} can read from global configuration parameters so that you can configure some aspect of the way how ciphered values (not only password values in 1.2.X).



--
This message was sent by Atlassian JIRA
(v6.2#6252)