[midPoint] Password Hashing configuration
Sven Feyerabend
Sven.Feyerabend at stuvus.uni-stuttgart.de
Sun Feb 26 12:47:09 CET 2023
Hello everyone,
I want to configure midPoint to store a password hash instead of the
encrypted password.
I took a look at the documentation
https://docs.evolveum.com/midpoint/reference/security/credentials/password-storage-configuration/
and noticed that midPoint uses PBKDF2 with HMAC SHA512. As a work factor
the documentation mentions 10 000, which is quite small. Is this still
acurate?
The current OWASP Recommendation for PBKDF2-HMAC-SHA512 work factor is
210 000 iterations
(https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2).
Is there some way to configure this in midPoint?
Thanks and kind regards
Sven
More information about the midPoint
mailing list