libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
keycloak-scim/docs/documentation/upgrading/topics
History
Thomas Darimont e7363905fa Change password hashing defaults according to OWASP recommendations (#16629) 
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2):

- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
  to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly

Fixes #16629

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
..
keycloak Change password hashing defaults according to OWASP recommendations (#16629) 2024-01-24 18:35:51 +01:00
rhsso Fix broken links (#24476) 2023-11-13 09:17:34 +01:00
install_new_version.adoc Moving docs to new folder 2023-03-20 09:07:58 +01:00
migrate_db.adoc Map Store Removal: Rename Legacy* classes (#26273) 2024-01-23 13:50:31 +00:00
migrate_themes.adoc Moving docs to new folder 2023-03-20 09:07:58 +01:00
prep_migration.adoc Moving docs to new folder 2023-03-20 09:07:58 +01:00
templates Moving docs to new folder 2023-03-20 09:07:58 +01:00
upgrade_adapters.adoc Moving docs to new folder 2023-03-20 09:07:58 +01:00
upgrade_admin_client.adoc Moving docs to new folder 2023-03-20 09:07:58 +01:00