db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim Haase (Resolved) (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations
Date Tue, 27 Mar 2012 17:24:26 GMT

     [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Kim Haase resolved DERBY-5550.

          Resolution: Fixed
       Fix Version/s:
    Issue & fix info:   (was: Patch Available)

Thanks again, Knut! 

Once again, no commit email, but I committed patch DERBY-5550-2.diff to documentation trunk
at revision 1305875. 

> Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations
> --------------------------------------------------------------------------------------------
>                 Key: DERBY-5550
>                 URL: https://issues.apache.org/jira/browse/DERBY-5550
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions:
>            Reporter: Knut Anders Hatlen
>            Assignee: Kim Haase
>             Fix For:
>         Attachments: DERBY-5550-2.diff, DERBY-5550-2.zip, DERBY-5550.diff, DERBY-5550.stat,
> DERBY-5539 introduced two new properties that control how BUILTIN stores credentials:
> - derby.authentication.builtin.saltLength (default: 16)
> This property specifies the number of bytes of random salt that will be added to the
credentials before hashing them. (Purpose of the property: Make it infeasible to construct
rainbow tables.)
> - derby.authentication.builtin.iterations (default: 1000, minimum: 1)
> This property specifies the number of times to apply the hash function (which is specified
by derby.authentication.builtin.algorithm) on the credentials. (Purpose of the property: Slow
down attackers as they'll need to spend more time calculating hashes.)
> Both the properties have effect only if BUILTIN authentication is enabled and derby.authentication.builtin.algorithm
has a non-null value.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message