0 Replies Latest reply on Jan 30, 2014 2:10 PM by klind

    Salting passwords

    klind Newbie

      JBoss EAP 6.1.1

      <login-module code="Database" flag="sufficient">
          <module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/>
          <module-option name="principalsQuery" value="select encode(password, 'hex') from principal where username=?"/>
          <module-option name="rolesQuery" value="select r.role, r.role_group from role r inner join principal p on r.role = p.role where p.username=?"/>
          <module-option name="hashAlgorithm" value="SHA-512"/>
          <module-option name="hashEncoding" value="hex"/>
      </login-module>

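      When storing the password I use:

      import java.security.MessageDigest;
      import java.security.NoSuchAlgorithmException;

      // Returns the raw (unsalted) SHA-512 digest of the given bytes.
      public static byte[] sha512(final byte[] message) {
          MessageDigest md = null;
          try {
              md = MessageDigest.getInstance("SHA-512");
          } catch (NoSuchAlgorithmException e) {
              throw new RuntimeException("Unable to create message digest", e);
          }
          return md.digest(message);
      }
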
      Now I want to add salting to the password.

      I can add salting to the password in the Java code before saving it to the database, but how do I use the login module then?

      Do I have to create my custom login module?
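
The following is an added example, not part of the original post and not JBoss code. With `hashAlgorithm` set, the Database login module hashes the submitted password and compares the result with the value returned by `principalsQuery`, so a per-user salt only verifies if the same salt is fed into the hash at login time; the code below shows the storing side and the verifying side of that scheme. The class and method names, the 16-byte salt, the `salt || password` ordering and the storage of the salt in its own column are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

// Added example: class, methods and storage layout are hypothetical, not JBoss API.
public class SaltedPasswordExample {
    private static final SecureRandom RNG = new SecureRandom();

    // Fresh random salt per user, stored next to the hash (assumed bytea column).
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        return salt;
    }

    // SHA-512(salt || password), hex-encoded to match hashEncoding="hex".
    static String saltedHashHex(byte[] salt, String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-512");
            md.update(salt);
            byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-512 not available", e);
        }
    }

    // Verification must re-hash the input with the stored salt before comparing.
    static boolean verify(String input, byte[] storedSalt, String storedHashHex) {
        byte[] candidate = saltedHashHex(storedSalt, input).getBytes(StandardCharsets.US_ASCII);
        byte[] expected = storedHashHex.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(candidate, expected); // constant-time comparison
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not from the original post.
        byte[] salt = newSalt();
        String stored = saltedHashHex(salt, "sample-Passw0rd");
        System.out.println("correct password: " + verify("sample-Passw0rd", salt, stored));
        System.out.println("wrong password:   " + verify("guess", salt, stored));
        // Hashing the input without the salt, as an unsalted comparison would:
        String unsalted = saltedHashHex(new byte[0], "sample-Passw0rd");
        System.out.println("unsalted match:   " + unsalted.equals(stored));
    }
}
```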