Make salt length configurable in Pbkdf2PasswordEncoder #4372

@dlvenable

Summary

The Pbkdf2PasswordEncoder class always generates an 8-byte salt. NIST Special Publication 800-132 section 5.1 calls for at least a 16-byte salt. Having a constructor parameter to either replace the BytesKeyGenerator or choose the key length of the generated BytesKeyGenerator would be very helpful.

Version

Spring 4.1 and above

Sample

String secret = "secret";
int iterations = 200000;
int hashWidth = 256;
int saltLength = 16;
new Pbkdf2PasswordEncoder(secret, iterations, hashWidth, saltLength);
new Pbkdf2PasswordEncoder(secret, saltLength);

Labels

in: crypto (An issue in spring-security-crypto)
status: duplicate (A duplicate of another issue)
