1 Reply Latest reply on May 20, 2013 11:50 PM by Magnus K Karlsson

    login-module "Database" with salt and iterationCount

    nimo stephan Master

      I have set up login-module "Database" in Jboss 7.1 with encrypted password(sha-256). All works.

       

      But now I am wondering how I can use Salts or hash iteration counts.

       

      When encoding a password with a salt or iterate the hash-encoding for a number of times, then the encrypted password cannot be decrypted by Jboss LoginModule, hence the authentication does not work anymore.

       

      As stated here http://www.jasypt.org/howtoencryptuserpasswords.html, it would be more secure to use a salt and a iterationcount of at least 1000 when encoding a password.

       

      So my question is: How could I make jboss loginmodule aware of recognising a salt or a hash iteration count?