iteratec / kcwarden

Keycloak Configuration Auditor
https://iteratec.github.io/kcwarden/
Apache License 2.0

New check: Hashing iterations too small #24

Open twwd opened 1 month ago

twwd commented 1 month ago

Only applicable to algorithms other than argon2.

The tooltip in Keycloak states:

The number of times a password is hashed before storage or verification. Default: -1 in case argon2 is used as the hashing algorithm; 210,000 in case pbkdf2-sha512 is used as the hashing algorithm; 600,000 if the pbkdf2-sha256 algorithm is used as the hashing algorithm; 1,300,000 if the pbkdf2 algorithm is used as the hashing algorithm.
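
One way such a check could look, as an added example that is not kcwarden's own code or API. It assumes the realm export carries a `passwordPolicy` string of entries such as `hashAlgorithm(...)` and `hashIterations(...)` joined by ` and `, uses the tooltip defaults above as minimum thresholds, and the names `parse_password_policy`, `check_hash_iterations` and `SAMPLE_REALMS` are hypothetical.

```python
import re
# Tooltip defaults, used as minimums (assumption: below the default = too small).
MIN_ITERATIONS = {"pbkdf2-sha512": 210_000, "pbkdf2-sha256": 600_000, "pbkdf2": 1_300_000}
_ENTRY = re.compile(r"^\s*([A-Za-z]+)\s*(?:\((.*)\))?\s*$")


def parse_password_policy(policy):
    """Split a passwordPolicy string such as "a(1) and b(x)" into {"a": "1", "b": "x"}."""
    parsed = {}
    for part in (policy or "").split(" and "):
        match = _ENTRY.match(part)
        if match:
            parsed[match.group(1)] = match.group(2)
    return parsed


def check_hash_iterations(realm):
    """Return findings (strings) for one realm dict taken from a realm export."""
    name = realm.get("realm", "<unnamed>")
    policy = parse_password_policy(realm.get("passwordPolicy"))
    algorithm, raw = policy.get("hashAlgorithm"), policy.get("hashIterations")
    if raw is None:
        return []  # no override, so the default for the algorithm applies
    if algorithm is None:
        # Which algorithm applies is not visible in the policy: leave it to a human.
        return [f"{name}: hashIterations({raw}) without hashAlgorithm, review manually"]
    if algorithm not in MIN_ITERATIONS:
        return []  # argon2 (or an unknown provider): check not applicable
    try:
        value = int(raw)
    except ValueError:
        return [f"{name}: hashIterations({raw}) is not an integer"]
    # Assumption: -1 means "use the default", so only explicit low values are flagged.
    if value != -1 and value < MIN_ITERATIONS[algorithm]:
        return [f"{name}: {algorithm} with {value} iterations, below {MIN_ITERATIONS[algorithm]}"]
    return []


# Constructed sample realms, not taken from any real export.
SAMPLE_REALMS = [
    {"realm": "weak", "passwordPolicy": "length(12) and hashAlgorithm(pbkdf2-sha256) and hashIterations(27500)"},
    {"realm": "argon", "passwordPolicy": "hashAlgorithm(argon2) and hashIterations(5)"},
    {"realm": "ok", "passwordPolicy": "hashAlgorithm(pbkdf2-sha512) and hashIterations(210000)"},
    {"realm": "noalg", "passwordPolicy": "hashIterations(1000)"},
]

if __name__ == "__main__":
    for realm in SAMPLE_REALMS:
        print(realm["realm"], check_hash_iterations(realm))
```

A realm that sets `hashIterations` without `hashAlgorithm` is reported for manual review rather than scored, because the policy string alone does not say which threshold applies.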