[OWASP-ESAPI] About owasp-esapi-java
arshan.dabirsiaghi at aspectsecurity.com
Thu May 21 16:05:30 EDT 2009
The HashIterations value is a form of key strengthening. Am I alone in thinking this value should be 1 (essentially off) by default? I'm not suggesting hashing is expensive as search, but I think people would not like the performance results of this feature. After all, it's intended to be slow.
4. There's a HashIterations property key in ESAPI.properties. But this isn't used in org.owasp.esapi.reference.JavaEncryptor's hash method. Instead there's a hardcoded 1024.
Good catch. This has been fixed so the hash iterations are configurable now. Thanks!
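
Added example, not part of the original thread and not ESAPI's own code: a salted, iterated hash whose iteration count is read from a HashIterations property, timed at the configured value and at 1024, followed by a check that a hash stored under one count no longer matches after the count is changed. The class name, SHA-512, the salt string, the sample property text and the fallback of 1024 are assumptions of this example.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Properties;

public class HashIterationsDemo {
    // Salted digest followed by `iterations` re-hashes of the previous output.
    static byte[] hash(String plaintext, String salt, int iterations) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        md.update(salt.getBytes(StandardCharsets.UTF_8));
        byte[] out = md.digest(plaintext.getBytes(StandardCharsets.UTF_8));
        for (int i = 0; i < iterations; i++) {
            out = md.digest(out); // digest() leaves the MessageDigest reset
        }
        return out;
    }

    // Take the count from configuration instead of a constant in the hash method.
    static int iterationsFrom(Properties p) {
        // Fallback of 1024 is this example's choice (the hardcoded value from the thread).
        int n = Integer.parseInt(p.getProperty("HashIterations", "1024").trim());
        if (n < 1) throw new IllegalArgumentException("HashIterations must be >= 1");
        return n;
    }

    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        props.load(new StringReader("HashIterations=1\n")); // constructed sample config
        int configured = iterationsFrom(props);

        // Cost of 1000 hashes at the configured count and at 1024.
        for (int n : new int[] {configured, 1024}) {
            long t0 = System.nanoTime();
            for (int k = 0; k < 1000; k++) hash("password" + k, "constructed-salt", n);
            System.out.printf("iterations=%d: %d ms per 1000 hashes%n",
                    n, (System.nanoTime() - t0) / 1_000_000);
        }

        // A hash stored under one count does not verify under another.
        byte[] stored = hash("password", "constructed-salt", 1024);
        byte[] recomputed = hash("password", "constructed-salt", configured);
        System.out.println("matches after config change: "
                + MessageDigest.isEqual(stored, recomputed));
    }
}
```

The last line prints false: once the count is configurable, hashes stored under the old hardcoded value have to be recomputed or the count they were made with has to be kept alongside them.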