-
1. Re: Custom password hash with JDBC realm
mchoma Jun 7, 2018 5:46 AM (in response to pmm)
Did you look at scram-mapper of jdbc-realm? You can specify hash algorithm, salt, iteration there.
-
2. Re: Custom password hash with JDBC realm
pmm Jun 7, 2018 12:14 PM (in response to mchoma)
mchoma wrote:
> Did you look at scram-mapper of jdbc-realm? You can specify hash algorithm, salt, iteration there.
We did, we are currently using PBKDF2WithHmacSHA512 and directly call SecretKeyFactory. However, in the scram-mapper we only have "scram-sha-1" and "scram-sha-256" available. Would "scram-sha-1" produce the same output as PBKDF2WithHmacSHA1, assuming the same number of rounds and salt?
-
-
4. Re: Custom password hash with JDBC realm
honza889 Jun 8, 2018 6:28 AM (in response to mchoma)
Hi, the following way of obtaining the hash:

    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    PBEKeySpec keySpec = new PBEKeySpec(password, salt, ic, 160);
    SecretKey secretKey = keyFactory.generateSecret(keySpec);
    byte[] encoded = secretKey.getEncoded();

is equivalent to the following in wildfly-elytron:

    PasswordFactory factory = PasswordFactory.getInstance(ALGORITHM_SCRAM_SHA_1);
    IteratedSaltedPasswordAlgorithmSpec algoSpec = new IteratedSaltedPasswordAlgorithmSpec(ic, salt);
    EncryptablePasswordSpec encSpec = new EncryptablePasswordSpec(password, algoSpec);
    ScramDigestPassword scramPassword = (ScramDigestPassword) factory.generatePassword(encSpec);
    byte[] elytronEncoded = scramPassword.getDigest();

which is equivalent to the following in the JDBC realm:

    <scram-mapper algorithm="scram-sha-1" password-index="1" salt-index="2" iteration-count-index="10000"/>

(Unfortunately, scram-sha-512 is missing in the elytron subsystem, even though it is supported in wildfly-elytron - reporting as bug: WFCORE-3919)
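
The equivalence described in the post above follows from RFC 5802: SCRAM's Hi() function is PBKDF2 with HMAC as the PRF and an output length equal to the hash size. The Java program below is an added example, not code from the thread or from WildFly Elytron; it implements Hi() directly and compares it with the JDK's PBKDF2 factories, and it goes beyond the thread by also checking the SHA-256 and SHA-512 pairs. The class name, password, salt and iteration count are constructed, and the password is ASCII so SCRAM's normalization step does not change it.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class ScramHiVsPbkdf2 {
    // RFC 5802 Hi(str, salt, i): U1 = HMAC(str, salt || INT(1)),
    // Uk = HMAC(str, Uk-1), result = U1 XOR U2 XOR ... XOR Ui.
    static byte[] hi(String hmacAlg, byte[] password, byte[] salt, int iterations)
            throws GeneralSecurityException {
        Mac mac = Mac.getInstance(hmacAlg);
        mac.init(new SecretKeySpec(password, hmacAlg));
        mac.update(salt);
        byte[] u = mac.doFinal(new byte[] {0, 0, 0, 1}); // INT(1), big-endian
        byte[] out = u.clone();
        for (int k = 2; k <= iterations; k++) {
            u = mac.doFinal(u); // doFinal resets the Mac to its keyed state
            for (int j = 0; j < out.length; j++) { out[j] ^= u[j]; }
        }
        return out;
    }

    // The SecretKeyFactory call from the thread, with the algorithm and key length as parameters.
    static byte[] pbkdf2(String kdfAlg, char[] password, byte[] salt, int iterations, int bits)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, bits);
        return SecretKeyFactory.getInstance(kdfAlg).generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample inputs, not values from the thread.
        char[] password = "correct horse battery staple".toCharArray();
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8);
        int ic = 4096;
        byte[] pwBytes = new String(password).getBytes(StandardCharsets.UTF_8);
        String[][] algs = {
            {"HmacSHA1", "PBKDF2WithHmacSHA1", "160"},
            {"HmacSHA256", "PBKDF2WithHmacSHA256", "256"},
            {"HmacSHA512", "PBKDF2WithHmacSHA512", "512"}};
        for (String[] a : algs) {
            byte[] scram = hi(a[0], pwBytes, salt, ic);
            byte[] jca = pbkdf2(a[1], password, salt, ic, Integer.parseInt(a[2]));
            System.out.println(a[1] + " == Hi/" + a[0] + ": " + MessageDigest.isEqual(scram, jca));
        }
    }
}
```

The match depends on requesting a key length equal to the hash output size (160 bits for SHA-1, as in the post); a longer PBKDF2 output adds further blocks that Hi() never computes.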