Foren
Encryption Key / Salt
Wee Chong Ong, geändert vor 7 Jahren.
Encryption Key / Salt
New Member Beiträge: 2 Beitrittsdatum: 15.02.14 Neueste Beiträge
In Liferay password encryption, different algorithms such as PBKDF2WithHmacSHA1/160/128000 or BCrypt can be used to hash the password. However, how is the Salt generated? Can it be configured?
How can key management infrastructure be used to manage the keys used for hashing of the passwords?
How can key management infrastructure be used to manage the keys used for hashing of the passwords?
Samuel Kong, geändert vor 7 Jahren.
RE: Encryption Key / Salt
Liferay Legend Beiträge: 1902 Beitrittsdatum: 10.03.08 Neueste Beiträge
For PBKDF2, the salt is generated using SecureRandom (I didn't dig through the code for BCrypt). The salt generation is a part of the hashing algorithm's implementation logic and is not configurable.
There's no need for a key management. "Encryption" here is a misnomer. Passwords are hashed and are not actually encrypted. So there's no need for key management.
There's no need for a key management. "Encryption" here is a misnomer. Passwords are hashed and are not actually encrypted. So there's no need for key management.