[ovirt-devel] Feature AAA JDBC password hashing
Sven Kieske
S.Kieske at mittwald.de
Thu Apr 24 13:01:52 UTC 2014
scrypt is no cipher, it's a key derivation function
based on a hash.
see [1] or [2] for details.
I know that http://www.ovirt.org/Features/AAA_JDBC
states there will be additional anti brute force
mechanics, but those don't apply e.g. if a database
gets stolen.
HTH
Am 24.04.2014 14:39, schrieb Alon Bar-Lev:
> Why do you need cipher when you can use hash?
PS:
This is just a general remark regarding security.
I don't know about the scope of this feature
as it is neither stated in the BZ nor on the
wiki, so I might be wrong.
[1] https://en.wikipedia.org/wiki/Scrypt
[2] http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
More information about the Devel
mailing list