You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Thomas Mueller (JIRA)" <ji...@apache.org> on 2013/04/10 14:54:16 UTC

[jira] [Resolved] (OAK-697) Security: support for PBKDF2 password hashing

     [ https://issues.apache.org/jira/browse/OAK-697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thomas Mueller resolved OAK-697.
--------------------------------

    Resolution: Fixed
      Assignee: Thomas Mueller
    
> Security: support for PBKDF2 password hashing
> ---------------------------------------------
>
>                 Key: OAK-697
>                 URL: https://issues.apache.org/jira/browse/OAK-697
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>          Components: core
>            Reporter: Thomas Mueller
>            Assignee: Thomas Mueller
>            Priority: Minor
>         Attachments: oak-697.patch
>
>
> Currently, passwords are hashed using a configurable algorithm, salt, and iteration. This is fine, but the standard PBKDF2 is not supported currently, as we use our own algorithm to combine the salt and password and then iterate.
> I would like to add support for the PBKDF2 standard, which is used in WPA, WPA2, iOS, Android, and so on. See also:
> http://en.wikipedia.org/wiki/PBKDF2
> http://tools.ietf.org/html/rfc2898
> The implementation of the most common combination, PBKDF2 with HMAC SHA-1, is already included in Java 6, so we would just have to make use of it. Unfortunately, SHA-256 is not supported yet as far as I see.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira