libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
keycloak-scim/testsuite
History
Thomas Darimont e7363905fa Change password hashing defaults according to OWASP recommendations (#16629) 
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2):

- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
  to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly

Fixes #16629

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
..
db-allocator-plugin Fix dependencies in testsuite, adapters and Quarkus module 2023-04-27 13:36:54 +02:00
integration-arquillian Change password hashing defaults according to OWASP recommendations (#16629) 2024-01-24 18:35:51 +01:00
model Map Store Removal: Rename Legacy* classes (#26273) 2024-01-23 13:50:31 +00:00
utils Map Store Removal: Rename Legacy* classes (#26273) 2024-01-23 13:50:31 +00:00
pom.xml Map Store Removal: Delete map profiles from testsuite 2023-11-30 14:59:02 +01:00