Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-2435

Provide a bcrypt password storage scheme

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 2.6.3
    • Fix Version/s: 4.0.0, 3.5.0
    • Component/s: security
    • Labels:
      None
    • Sprint:
      OpenDJ Sprint 75

      Description

      We are receiving a few requests to support bcrypt as a password storage scheme.
      bcrypt has the advantage over SSHAxxx algorithm of having a configurable "Cost" which changes the number of iterations of hashing, and thus make password matching taking much more time and cpu.
      There is an implementation of bcrypt in Java (jBcrypt) available under an ISC/BSD licence (and resides in a single file/class).

      This said, OWASP recommends to implement PBKDF2 or scrypt over bcrypt.
      We already have PBKDF2 available in OpenDJ 3.0 with a configurable number of iterations.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ludo Ludovic Poitou
                Reporter:
                ludo Ludovic Poitou
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: