[OPENIDM-13293] Request for IDM to allow for hashed passwords with different salt lengths Created: 28/May/19  Updated: 18/Jun/20  Resolved: 23/Jan/20

Status: Resolved
Project: OpenIDM
Component/s: Module - Cryptography
Affects Version/s: 6.5.0
Fix Version/s: 7.0.0

Type: Improvement Priority: Major
Reporter: Wei-Yee Lum Assignee: Travis Haagen
Resolution: Fixed Votes: 0
Labels: CLARK
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
is documented by OPENIDM-14277 Update the documentation on hashing c... Closed
relates to OPENIDM-14229 Allow tuning PBKDF2/Bcrypt/Scrypt par... Resolved
is related to OPENIDM-14985 Can’t configure kbaInfo to use bcrypt... Open
Target Version/s:
QA Assignee: Brayden Roth-White
Story Points: 2
Sprint: 2020.01 - IDM
Support Ticket IDs:


Pre-hashed passwords from DS, when sync'd to IDM managed users, do not work for authentication in IDM MANAGED_USER authentication module.
The format of the password hash string in IDM and DS are the same.
But authentication fails because IDM expects a fixed salt length in hashed passwords, that happens to be different from what DS uses.

It would be good if IDM could compute the salt length, so as to allow for different salt lengths in hashed passwords.


Generated at Mon Sep 28 00:06:11 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.