  1. OpenDJ
  2. OPENDJ-6855

Make the default password storage scheme be PBKDF2-HMAC-SHA256 with 10 iterations

    Details

    • Type: Task
    • Status: Done
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: core server, security
    • Labels:
      None

      Description

      OPENDJ-6814 helped us quantify the costs of various password storage schemes with different iteration counts compared to the previous default (Salted SHA512).

      Acceptance criteria

      After much debate, the decision has been made: the default password storage scheme is PBKDF2-HMAC-SHA256 with 10 iterations.

      Also use this setting for the DS Evaluation profile, which is currently using Salted SHA-512.

              People

              • Assignee: cforel carole forel
              • Reporter: JnRouvignac Jean-Noël Rouvignac
              • Dev Assignee: Matthew Swift
              • QA Assignee: carole forel