keycloak-scim/docs/documentation/server_admin
Thomas Darimont e7363905fa Change password hashing defaults according to OWASP recommendations (#16629)
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2):

- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
  to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly

Fixes #16629

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
..
getting_started/images
images Creating documentation for Lightweight access token(#25743) 2024-01-09 09:48:20 +01:00
topics Change password hashing defaults according to OWASP recommendations (#16629) 2024-01-24 18:35:51 +01:00
.asciidoctorconfig Show images in the documentation in the IDE's preview (#23055) 2023-09-19 11:28:48 +02:00
docinfo-footer.html
docinfo.html
index.adoc
pom.xml Run tests for the moved documentation (#19278) 2023-03-28 12:35:27 +02:00
topics.adoc Update Social Identity Providers documentation (#24601) 2023-11-16 17:58:53 +01:00