[ovirt-devel] Feature AAA JDBC password hashing

Alon Bar-Lev alonbl at redhat.com
Thu Apr 24 16:41:01 UTC 2014



----- Original Message -----
> From: "Alon Bar-Lev" <alonbl at redhat.com>
> To: "Sven Kieske" <S.Kieske at mittwald.de>
> Cc: devel at ovirt.org
> Sent: Thursday, April 24, 2014 4:46:43 PM
> Subject: Re: [ovirt-devel] Feature AAA JDBC password hashing
> 
> 
> 
> ----- Original Message -----
> > From: "Sven Kieske" <S.Kieske at mittwald.de>
> > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > Cc: devel at ovirt.org
> > Sent: Thursday, April 24, 2014 4:31:45 PM
> > Subject: Re: [ovirt-devel] Feature AAA JDBC password hashing
> > 
> > Well I honestly don't know
> > about export regulations regarding
> > scrypt and I'm no lawyer and can't advise on
> > it, but it seems there is a java implementation
> > for scrypt (same license as ovirt :) ):
> > https://github.com/wg/scrypt
> > 
> > Maybe you can give it a try.
> 
> License and cryptographic regulations are two separate things.

OK, I modified the page with an example of using PBE instead of HMAC.
It should be clearer now that it is all about the password.
But stronger methods will only be available in jdk-8 [1].
scrypt is not among these, but if you register it as a crypto provider you should be able to use it.

[1] http://openjdk.java.net/jeps/121

> 
> > 
> > As I already said, I don't know
> > if the SHA-256 value is enough or not.
> > 
> > This depends on a lot of factors, which
> > will differ for various users.
> > 
> > I just thought I'd bring it up here on the list.
> > In the end, you must decide what to do best :)
> 
> Thanks!
> 
> > 
> > On 24.04.2014 15:14, Alon Bar-Lev wrote:
> > > We rely on what Java JCE can provide natively to avoid US export
> > > regulations issues.
> > 
> > --
> > Mit freundlichen Grüßen / Regards
> > 
> > Sven Kieske
> > 
> > System administrator
> > Mittwald CM Service GmbH & Co. KG
> > Königsberger Straße 6
> > 32339 Espelkamp
> > T: +49-5772-293-100
> > F: +49-5772-293-333
> > https://www.mittwald.de
> > Managing director: Robert Meyer
> > Tax no.: 331/5721/1033, VAT ID: DE814773217, HRA 6640, AG Bad Oeynhausen
> > General partner: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> _______________________________________________
> Devel mailing list
> Devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/devel
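
An added example, not code from this thread or from the oVirt feature page: password hashing with the JCE's own PBKDF2 key factories, where each record carries its algorithm and iteration count so a hash made with PBKDF2WithHmacSHA1 on an older JDK still verifies and is flagged for re-hashing with the JDK 8 PBKDF2WithHmacSHA256. The class name, record layout, iteration counts and sample password are assumptions; it needs JDK 8 or later to run.

```java
import java.security.*;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PbePasswordHash {
    // Assumed parameters for this example, not values from the oVirt feature page.
    static final String CURRENT_ALG = "PBKDF2WithHmacSHA256"; // JDK 8 and later
    static final int ITERATIONS = 100000, SALT_BYTES = 16, HASH_BITS = 256;

    static byte[] derive(String alg, char[] pw, byte[] salt, int iter, int bits)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, bits);
        try {
            return SecretKeyFactory.getInstance(alg).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    // Record layout (assumed): algorithm|iterations|salt|hash, so parameters travel with each hash.
    static String hash(String alg, int iter, char[] pw) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // fresh random salt per password
        return alg + "|" + iter + "|" + Base64.getEncoder().encodeToString(salt) + "|"
                + Base64.getEncoder().encodeToString(derive(alg, pw, salt, iter, HASH_BITS));
    }

    static boolean verify(char[] pw, String record) throws GeneralSecurityException {
        String[] f = record.split("\\|");
        byte[] expected = Base64.getDecoder().decode(f[3]);
        byte[] actual = derive(f[0], pw, Base64.getDecoder().decode(f[2]),
                Integer.parseInt(f[1]), expected.length * 8);
        return MessageDigest.isEqual(expected, actual); // no early exit on first mismatch
    }

    // True when a record was made with older parameters and should be re-hashed at next login.
    static boolean needsRehash(String record) {
        String[] f = record.split("\\|");
        return !f[0].equals(CURRENT_ALG) || Integer.parseInt(f[1]) < ITERATIONS;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample-password".toCharArray(); // constructed sample input
        String legacy = hash("PBKDF2WithHmacSHA1", 10000, pw);   // as an older JDK could store it
        String current = hash(CURRENT_ALG, ITERATIONS, pw);
        System.out.println(legacy + " verify=" + verify(pw, legacy) + " rehash=" + needsRehash(legacy));
        System.out.println(current + " verify=" + verify(pw, current) + " rehash=" + needsRehash(current));
    }
}
```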


