1 Reply Latest reply on May 20, 2013 11:50 PM by magnus.k.karlsson

    login-module "Database" with salt and iterationCount

    nimo22

      I have set up login-module "Database" in JBoss 7.1 with an encrypted password (SHA-256). All works.

       

      But now I am wondering how I can use salts or hash iteration counts.

       

      When encoding a password with a salt, or iterating the hash encoding a number of times, the encrypted password cannot be decrypted by the JBoss LoginModule, hence the authentication does not work anymore.

       

      As stated here http://www.jasypt.org/howtoencryptuserpasswords.html, it would be more secure to use a salt and an iteration count of at least 1000 when encoding a password.

       

      So my question is: How could I make the JBoss login module recognise a salt or a hash iteration count?
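
The mismatch described in the post, as an added example that is not part of the original thread or of JBoss: a salted, iterated SHA-256 value never equals the plain hash of the same password, so the check has to read the salt and iteration count back from the stored value. The storage format `iterations:salt:hash`, the class and method names, and the sample password are assumptions made for illustration (Java 8 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltedHashDemo {
    // SHA-256(salt || password), then the result re-hashed (iterations - 1) times.
    static byte[] digest(String password, byte[] salt, int iterations) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        byte[] h = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < iterations; i++) {
            h = md.digest(h); // digest() resets the instance after each call
        }
        return h;
    }

    // Assumed storage format: iterations:base64(salt):base64(hash)
    static String encode(String password, int iterations) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per password
        Base64.Encoder b64 = Base64.getEncoder();
        return iterations + ":" + b64.encodeToString(salt) + ":"
                + b64.encodeToString(digest(password, salt, iterations));
    }

    // What a salt-aware check must do: recover salt and count, recompute, compare.
    static boolean verify(String inputPassword, String stored) throws Exception {
        String[] parts = stored.split(":");
        if (parts.length != 3) return false;
        int iterations = Integer.parseInt(parts[0]);
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        byte[] expected = Base64.getDecoder().decode(parts[2]);
        // MessageDigest.isEqual compares without leaking timing information
        return MessageDigest.isEqual(expected, digest(inputPassword, salt, iterations));
    }

    public static void main(String[] args) throws Exception {
        String stored = encode("s3cret", 1000); // constructed sample password
        // Plain unsalted SHA-256, as a hash-only comparison would compute it
        byte[] plain = MessageDigest.getInstance("SHA-256")
                .digest("s3cret".getBytes(StandardCharsets.UTF_8));
        String plainB64 = Base64.getEncoder().encodeToString(plain);
        System.out.println("plain hash equals stored value: " + plainB64.equals(stored));
        System.out.println("verify(correct password): " + verify("s3cret", stored));
        System.out.println("verify(wrong password):   " + verify("guess", stored));
    }
}
```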