mirror of
https://github.com/keycloak/keycloak.git
synced 2026-04-24 23:57:00 -04:00
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2):

- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly

Fixes #16629

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

| | | |
|---|---|---|
| .. | ||
| admin.adoc | ||
| audience-limit.adoc | ||
| auth-sessions-limit.adoc | ||
| brute-force.adoc | ||
| clickjacking.adoc | ||
| compromised-codes.adoc | ||
| compromised-tokens.adoc | ||
| csrf.adoc | ||
| fapi-compliance.adoc | ||
| host.adoc | ||
| open-redirect.adoc | ||
| password-db-compromised.adoc | ||
| read-only-attributes.adoc | ||
| redirect.adoc | ||
| scope.adoc | ||
| sql.adoc | ||
| ssl.adoc | ||