[
https://issues.apache.org/jira/browse/OFBIZ-8537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15721925#comment-15721925 ]
Michael Brohl edited comment on OFBIZ-8537 at 12/5/16 10:47 AM:
----------------------------------------------------------------
I ask myself if we should introduce PBKDF2 if it is not RFC compliant (which I have not checked) and has known weaknesses and/or better solutions are available?
was (Author: mbrohl):
I ask myself if we should introduce PBKDF2 if it is not RFC compliant and has known weaknesses and/or better solutions are available?
> LoginWorker HashCrypt the type of hash for one-way encryption
> -------------------------------------------------------------
>
> Key: OFBIZ-8537
> URL:
https://issues.apache.org/jira/browse/OFBIZ-8537> Project: OFBiz
> Issue Type: New Feature
> Components: framework
> Affects Versions: Trunk
> Reporter: wangjunyuan
> Assignee: Shi Jinghai
> Priority: Minor
> Labels: HashCrypt, PBKDF2, security.properties
> Attachments: HashCrypt.patch
>
>
> PBKDF2 (Password-Based Key Derivation Function 2) is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. It replaces an earlier key derivation function, PBKDF1, which could only produce derived keys up to 160 bits long.Add this function to ofbiz ,this PBKDF2 has four types in Javaļ¼'PBKDF2WithHmacSHA1','PBKDF2WithHmacSHA256','PBKDF2WithHmacSHA384','PBKDF2WithHmacSHA512'
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Locked
