Skip to content

w-caffiero-entando/a22f031d

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
OWNERS
OWNERS
 
 
OWNERS_ALIASES
OWNERS_ALIASES
 
 
README.md
README.md
 
 
jenkins-x.yml
jenkins-x.yml
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Build Status Quality Gate Status Coverage Vulnerabilities Code Smells Security Rating Technical Debt

entando-core-engine

Argon2 encryption algorithm. It provides a one-way encryption for passwords in the Entando Platform.

Configuration You can configure the execution of the algorithm by editing the properties file security.properties; you can find this file in src/main/config path of your project. The default values of the settings are:

algo.argon2.hash.length=32
algo.argon2.salt.length=16
algo.argon2.iterations=4
algo.argon2.memory=65536
algo.argon2.parallelism=4```

Correct values for ```algo.argon2.type``` are (case sensitive):
1. ARGON2d is faster and uses data-depending memory access;
2. ARGON2i default value, is slower but uses data-independent memory access;
3. ARGON2id is a hybrid of Argon2i and Argon2d, using a combination of data-depending and data-independent memory accesses;

Correct values for ```algo.argon2.hash.length``` are: 4..2^32-1 (longer hash means more complex and safe hash but slower execution)

Correct values for ```algo.argon2.salt.length``` are: 8..2^32-1 (longer salt means more complex and safe hash but slower execution)

Correct values for ```algo.argon2.iterations``` are: 1..2^32-1 (more iterations means more complex and safe hash but slower execution)

Correct values for ```algo.argon2.parallelism``` are: 8..2^32-1 (parallelism means the number of execution threads; more threads means more complex and safe hash but slower execution)

Correct values for ```algo.argon2.memory``` are: 8*parallelism..2^32-1 (greater memory means more complex and safe hash but slower execution)

*Important*
If you put the wrong values, default values will be used.
*You can configure the algorithm just one time, before the first launch of your project; changing the parameters afterwards will no longer allow the verification of passwords*.


In order to use the new encryption methods in an existing project, you have to execute this ```alter table``` on your Serv DB (example for PostgreSql):
```ALTER TABLE authusers
   ALTER COLUMN passwd TYPE character varying(512);```

Furthermore, if you want to change the parameters, you have to create the propertis file ```security.properties``` in ```src/main/config``` path of your project.



Entando Core is released under [GNU Lesser General Public License V 3.0] https://github.com/entando/entando-core/blob/master/LICENSE

Enjoy!

*The Entando Team*

About

No description, website, or topics provided.

Resources

Readme

License

LGPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages