New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-2562: Modernize Password Storage #2774

spring-issuemaster opened this Issue Apr 18, 2014 · 0 comments


None yet
2 participants
Copy link

spring-issuemaster commented Apr 18, 2014

Rob Winch (Migrated from SEC-2562) said:

Password storage has come a long ways and is a very important aspect of security. We should modernize how passwords are stored and managed.

A special thanks to John Steven for providing guidance on these recommendations.


  • #4666 - Add DelegatingPasswordEncoder
  • #2775 - Make adaptive one-way functions the default scheme (BCrypt)
  • #2158 - Provide a PBKDF2 PasswordEncoder implementation
  • #2776 - Deprecate all salted digest password encoding
  • #2777 - Incorporate Password Storage Scheme spec into stored format
  • #2778 - Support password storage upgrades
  • #2779 - Formal audit of BCrypt implementation
  • #2742 - Support PBKDF2 SHA256 for JDK8+
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment