PBKDF2 icon indicating copy to clipboard operation
PBKDF2 copied to clipboard

Published 20 hours ago verified publisher icon m9aertner

Elytron Wildfly compatibility

Open chadalis opened this issue 3 years ago • 1 comments

Hello,

thank you for sharing!

we are using currently PBKDF2 for Wildfly Legacy-Security. but because of Security reasons of the Legacy Subsystem we had to do a migration to Elytron. unfortunately we couldn't make it work with elytron.

is there a way to implement PBKDF2 with Elytron Wildfly?

if there is a manual or suggestion for a different module I would be really thankful!

best regards,

Chris

chadalis avatar Feb 22 '22 09:02 chadalis

Hello,

have you considered the masked-PBKDF-HMAC-SHA1 ... masked-PBKDF-HMAC-SHA512 options that appear to come with WildFly Elytron? See https://docs.wildfly.org/17/WildFly_Elytron_Security.html#masked-password-types

Also, SCRAM ist available right away, as scram-sha-1 ... scram-sha-512, cf. https://docs.wildfly.org/17/WildFly_Elytron_Security.html#scram

SCRAM uses the PBKDF2 mechanism,

Unfortunately, I do not have the bandwidth to try either currently. I would be surprised if your existing secured data cannot be decoded and/or re-formatted to meet Elytron's expectations, given that the underlying crypto is all standard and not likely to differ.

m9aertner avatar Feb 22 '22 21:02 m9aertner