----- Original Message -----
From: "Sven Kieske" <S.Kieske@mittwald.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: devel@ovirt.org Sent: Thursday, April 24, 2014 4:31:45 PM Subject: Re: [ovirt-devel] Feature AAA JDBC password hashing
Well I honestly don't know about export regulations regarding scrypt and I'm no lawyer and can't advise on it, but it seems there is a java implementation for scrypt (same license as ovirt :) ): https://github.com/wg/scrypt
Maybe you can give it a try.
License and cryptographic regulations are two separate things.
As I already said, I don't know if the SHA-256 value is enough or not.
This depends on a lot of factors, which will differ for various users.
I just thought I bring it up here on the list. In the end, you must decide what to do best :)
Thanks!
Am 24.04.2014 15:14, schrieb Alon Bar-Lev:
We relay on what Java JCE can provide natively to avoid US export regulations issues.
-- Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen