libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

cleaned up hashing iteration paragraph

Browse source
This commit is contained in:
Chuck Copello 2017-02-15 12:01:01 -05:00 committed by Jen Malloy
parent 913c681cca
commit 8220778a35
1 changed files with 10 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
server_admin/topics/authentication/password-policies.adoc
View file

@ -41,12 +41,11 @@ Hashing Algorithm::
{% endif %}
Hashing Iterations::
This value specifies the number of times a password will be hashed before it is stored or verified. The default value is 20,000.
This hashing is done in the rare case that a hacker gets access to your password database. Once they have the database
This hashing is done in the rare case that a hacker gets access to your password database. Once they have access to the database,
they can reverse engineer user passwords.
The industry recommended value for this parameter changes every year as CPU power improves. The current recommended value
is 20,000. Yes, 20,000 iterations! This is a very intensive CPU operation and with this high of a setting your servers
are going to be spending most of their CPU power on hashing. You'll have to weigh what is more important to you. Performance
or protecting your passwords stores. There may be more cost effective ways of protecting your password stores.
The industry recommended value for this parameter changes every year as CPU power improves. A higher hashing iteration value takes more CPU power for hashing,
and can impact performance. You'll have to weigh what is more important to you. Performance or protecting your passwords stores.
There may be more cost effective ways of protecting your password stores.
Digits::
The number of digits required to be in the password string.
Lowercase Characters::