[jira] [Resolved] (KARAF-6925) Support stronger JAAS Encryption algorithms via spring-security-crypto

Jira Fri, 05 Mar 2021 22:06:04 -0800


     [ 
https://issues.apache.org/jira/browse/KARAF-6925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré resolved KARAF-6925.
-----------------------------------------
    Fix Version/s: 4.3.1
                   4.2.11
       Resolution: Fixed

> Support stronger JAAS Encryption algorithms via spring-security-crypto
> ----------------------------------------------------------------------
>
>                 Key: KARAF-6925
>                 URL: https://issues.apache.org/jira/browse/KARAF-6925
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf
>            Reporter: Colm O hEigeartaigh
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>              Labels: encryption
>             Fix For: 4.2.11, 4.3.1
>
>
> Right now for JAAS password encryption, we only support basic digest 
> algorithms, or else salted algorithms via the jasypt provider. However these 
> are no longer considered secure, instead best practice is to use algorithms 
> like scrypt, bcrypt, argon2, etc.
> The Spring Security Crypto project has password encoders for all of these 
> algorithms, and has minimal dependencies, so we can leverage this to support 
> a more modern encryption alternative.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (KARAF-6925) Support stronger JAAS Encryption algorithms via spring-security-crypto

Reply via email to