  1. OpenAM
  2. OPENAM-16111

AES Key Wrap iterations can be lower than 10,000

    Details

    • Needs backport:
      No
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      The documentation for AES Wrap encryption (https://backstage.forgerock.com/docs/am/6.5/install-guide/#prepare-aeswrap) currently states that AM requires at least 10,000 iterations of PBKDF2. This is not true since OPENAM-12289 and customers with large numbers of agents should use a much lower value to prevent excessive startup times. AM will log a warning if the number of iterations is low and the encryption password is short (less than 20 characters) but won't prevent it.

            People

            • Assignee:
              cristina.herraz Cristina Herraz
              Reporter:
              neil.madden Neil Madden

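For the trade-off the description above raises (fewer PBKDF2 iterations for faster startup, offset by a longer password), here is an added example that is not part of the ticket or of AM's code. It assumes PBKDF2-HMAC-SHA1, a 16-byte salt and key, one derivation per agent at startup, and a hypothetical cut-off of 1,000 for "low" iterations; only the 20-character limit comes from the ticket.

```python
import hashlib
import math
import time

# Assumptions (not from the ticket): PBKDF2-HMAC-SHA1, 16-byte salt and key,
# one key derivation per agent at startup, and 1,000 as the "low" cut-off.
MIN_PASSWORD_LEN = 20    # from the ticket: "less than 20 characters"
LOW_ITERATIONS = 1_000   # hypothetical threshold, not AM's actual value


def should_warn(password: str, iterations: int) -> bool:
    """Model the described rule: warn only when BOTH conditions hold."""
    return iterations < LOW_ITERATIONS and len(password) < MIN_PASSWORD_LEN


def guess_cost_bits(length: int, alphabet: int, iterations: int) -> float:
    """log2 of the hash operations needed to exhaust a random password space."""
    return length * math.log2(alphabet) + math.log2(iterations)


def seconds_per_derivation(iterations: int, rounds: int = 3) -> float:
    """Best-of-N wall-clock time for one PBKDF2 derivation on this machine."""
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        # Constructed password and salt, used only for timing.
        hashlib.pbkdf2_hmac("sha1", b"constructed-password", b"\x00" * 16,
                            iterations, dklen=16)
        best = min(best, time.perf_counter() - start)
    return best


def startup_estimate(agents: int, iterations: int) -> float:
    """Rough serial startup cost under the one-derivation-per-agent assumption."""
    return agents * seconds_per_derivation(iterations)


if __name__ == "__main__":
    for iters in (10_000, 1_000, 100):
        print(f"{iters:>6} iterations: "
              f"{startup_estimate(5_000, iters):7.2f}s for 5000 agents | "
              f"20-char random: {guess_cost_bits(20, 62, iters):5.1f} bits | "
              f"8-char random: {guess_cost_bits(8, 62, iters):5.1f} bits")
```

Cutting 10,000 iterations to 100 removes under 7 bits of attacker work, while each extra random alphanumeric character adds almost 6, which is why a long random password can carry a low iteration count.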