[
https://issues.apache.org/jira/browse/OAK-697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13627809#comment-13627809
]
angela commented on OAK-697:
----------------------------
cool, thanks.
> Security: support for PBKDF2 password hashing
> ---------------------------------------------
>
> Key: OAK-697
> URL: https://issues.apache.org/jira/browse/OAK-697
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Components: core
> Reporter: Thomas Mueller
> Assignee: Thomas Mueller
> Priority: Minor
> Attachments: oak-697.patch
>
>
> Currently, passwords are hashed using a configurable algorithm, salt, and
> iteration. This is fine, but the standard PBKDF2 is not supported currently,
> as we use our own algorithm to combine the salt and password and then iterate.
> I would like to add support for the PBKDF2 standard, which is used in WPA,
> WPA2, iOS, Android, and so on. See also:
> http://en.wikipedia.org/wiki/PBKDF2
> http://tools.ietf.org/html/rfc2898
> The implementation of the most common combination, PBKDF2 with HMAC SHA-1, is
> already included in Java 6, so we would just have to make use of it.
> Unfortunately, SHA-256 is not supported yet as far as I see.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
