Fixing the docs about default hashing iterations (#27020)
closes #26816 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
This commit is contained in:
parent
df38081fe8
commit
e2fb8406a3
2 changed files with 6 additions and 4 deletions
|
@ -1778,7 +1778,7 @@ $ kcadm.sh create components -r demorealm -s name=full-name-ldap-mapper -s provi
|
||||||
. Set the realm's `passwordPolicy` attribute to an enumeration expression that includes the specific policy provider ID and optional configuration.
|
. Set the realm's `passwordPolicy` attribute to an enumeration expression that includes the specific policy provider ID and optional configuration.
|
||||||
. Use the following example to set a password policy to default values. The default values include:
|
. Use the following example to set a password policy to default values. The default values include:
|
||||||
|
|
||||||
* 27,500 hashing iterations
|
* 210,000 hashing iterations
|
||||||
* at least one special character
|
* at least one special character
|
||||||
* at least one uppercase character
|
* at least one uppercase character
|
||||||
* at least one digit character
|
* at least one digit character
|
||||||
|
@ -1792,7 +1792,7 @@ $ kcadm.sh update realms/demorealm -s 'passwordPolicy="hashIterations and specia
|
||||||
. To use values different from defaults, pass the configuration in brackets.
|
. To use values different from defaults, pass the configuration in brackets.
|
||||||
. Use the following example to set a password policy to:
|
. Use the following example to set a password policy to:
|
||||||
|
|
||||||
* 25,000 hash iterations
|
* 300,000 hash iterations
|
||||||
* at least two special characters
|
* at least two special characters
|
||||||
* at least two uppercase characters
|
* at least two uppercase characters
|
||||||
* at least two lowercase characters
|
* at least two lowercase characters
|
||||||
|
@ -1803,7 +1803,7 @@ $ kcadm.sh update realms/demorealm -s 'passwordPolicy="hashIterations and specia
|
||||||
+
|
+
|
||||||
[options="nowrap"]
|
[options="nowrap"]
|
||||||
----
|
----
|
||||||
$ kcadm.sh update realms/demorealm -s 'passwordPolicy="hashIterations(25000) and specialChars(2) and upperCase(2) and lowerCase(2) and digits(2) and length(9) and notUsername and passwordHistory(4)"'
|
$ kcadm.sh update realms/demorealm -s 'passwordPolicy="hashIterations(300000) and specialChars(2) and upperCase(2) and lowerCase(2) and digits(2) and length(9) and notUsername and passwordHistory(4)"'
|
||||||
----
|
----
|
||||||
|
|
||||||
[discrete]
|
[discrete]
|
||||||
|
|
|
@ -34,7 +34,9 @@ If you change the hashing algorithm, password hashes in storage will not change
|
||||||
====
|
====
|
||||||
|
|
||||||
===== Hashing iterations
|
===== Hashing iterations
|
||||||
Specifies the number of times {project_name} hashes passwords before storage or verification. The default value is 27,500.
|
Specifies the number of times {project_name} hashes passwords before storage or verification. The default value is 210,000 in case that `pbkdf2-sha512` is used as hashing algorithm, which is by default.
|
||||||
|
If other hash algorithms are explicitly set by using the`HashAlgorithm` policy, the default count of hashing iterations could be different. For instance, it is 600,000 by default if the`pbkdf2-sha256` algorithm is used or 1,300,000 if
|
||||||
|
the `pbkdf2` algorithm (Algorithm `pbkdf2` corresponds to PBKDF2 with HMAC-SHA1).
|
||||||
|
|
||||||
{project_name} hashes passwords to ensure that hostile actors with access to the password database cannot read passwords through reverse engineering.
|
{project_name} hashes passwords to ensure that hostile actors with access to the password database cannot read passwords through reverse engineering.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue