Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Solaris 10 SHA256 password encryption

843811Jul 20 2009 — edited Jul 20 2009
I need to put together a statement of how secure this is.
Can anyone answer the following?

Ref SHA256 password encryption on Solaris 10

*1/*
Is the password Salt: prepended, appended or intermingled in some other way with the password prior to hashing?

*2/*
The password Salt must be different for each user. How is this achieved?
E.G. Salt includes identifying data such as User id, time, sudo random constantÂ….?

*3/*
Is the salt protected to the same extent as the hash values are protected?

*4/*
Does the salt have a minimum length of 64 bits, 128 or higher is preferred?
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Aug 17 2009
Added on Jul 20 2009
#cryptography
1 comment
375 views