You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (Jira)" <ji...@apache.org> on 2021/02/18 07:31:00 UTC

[jira] [Updated] (KARAF-6925) Support stronger JAAS Encryption algorithms via spring-security-crypto

     [ https://issues.apache.org/jira/browse/KARAF-6925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-6925:
----------------------------------------
       Fix Version/s:     (was: 4.3.1)
                          (was: 4.2.11)
    Target Version/s: 4.2.11, 4.3.1

> Support stronger JAAS Encryption algorithms via spring-security-crypto
> ----------------------------------------------------------------------
>
>                 Key: KARAF-6925
>                 URL: https://issues.apache.org/jira/browse/KARAF-6925
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf
>            Reporter: Colm O hEigeartaigh
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>              Labels: encryption
>
> Right now for JAAS password encryption, we only support basic digest algorithms, or else salted algorithms via the jasypt provider. However these are no longer considered secure, instead best practice is to use algorithms like scrypt, bcrypt, argon2, etc.
> The Spring Security Crypto project has password encoders for all of these algorithms, and has minimal dependencies, so we can leverage this to support a more modern encryption alternative.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)