Re: [ovirt-devel] Feature AAA JDBC password hashing

From: "Sven Kieske" <S.Kieske(a)mittwald.de&gt; To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; Cc: devel(a)ovirt.org Sent: Thursday, April 24, 2014 4:31:45 PM Subject: Re: [ovirt-devel] Feature AAA JDBC password hashing Well I honestly don't know about export regulations regarding scrypt and I'm no lawyer and can't advise on it, but it seems there is a java implementation for scrypt (same license as ovirt :) ): https://github.com/wg/scrypt Maybe you can give it a try.

As I already said, I don't know if the SHA-256 value is enough or not. This depends on a lot of factors, which will differ for various users. I just thought I bring it up here on the list. In the end, you must decide what to do best :)

Am 24.04.2014 15:14, schrieb Alon Bar-Lev: > We relay on what Java JCE can provide natively to avoid US export > regulations issues. -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen