Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16111

AES Key Wrap iterations can be lower than 10,000

    XMLWordPrintable

    Details

    • Rank:
      1|i00iwn:
    • No
    • No
    • No
    • No (add reasons in the comment)

      Description

      The documentation for AES Wrap encryption (https://backstage.forgerock.com/docs/am/6.5/install-guide/#prepare-aeswrap) currently states that AM requires at least 10,000 iterations of PBKDF2. This is not true sinceĀ OPENAM-12289 and customers with large numbers of agents should use a much lower value to prevent excessive startup times. AM will log a warning if the number of iterations is low and the encryption password is short (less than 20 characters) but won't prevent it.

        Attachments

          Activity

            People

            cristina.herraz Cristina Herraz [X] (Inactive)
            neil.madden Neil Madden
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: