[
https://issues.apache.org/jira/browse/SYNCOPE-513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14322638#comment-14322638
]
Francesco Chicchiriccò commented on SYNCOPE-513:
------------------------------------------------
Please start a thread on [email protected] (after subscribing, if needed)
to discuss this.
> Make value encryption parametric
> --------------------------------
>
> Key: SYNCOPE-513
> URL: https://issues.apache.org/jira/browse/SYNCOPE-513
> Project: Syncope
> Issue Type: Improvement
> Components: core
> Affects Versions: 1.1.8
> Reporter: Yann Diorcet
> Assignee: Francesco Chicchiriccò
> Fix For: 1.2.0-M1
>
>
> In {{PasswordEncoder}} (1.1.X) / {{Encryptor}} (1.2.X) class the salt
> mechanism configuration is hardcoded.
> If the LDAP server doesn't use the same salt mechanism configuration, the
> password can't be matched during authentication.
> For example {{SSHA}} is defined by RFC 2307 as:
> {code}
> digester.setIterations(1);
> digester.setSaltSizeBytes(8);
> digester.setInvertPositionOfPlainSaltInEncryptionResults(true);
> digester.setInvertPositionOfSaltInMessageBeforeDigesting(true);
> digester.setUseLenientSaltSizeCheck(true);
> {code}
> See [Jasypt's
> javadocs|http://jasypt.org/api/jasypt/1.9.2/org/jasypt/util/password/rfc2307/RFC2307SSHAPasswordEncryptor.html]
> for more details.
> {{Encryptor}} can read from global configuration parameters so that you can
> configure some aspect of the way how ciphered values (not only password
> values in 1.2.X).