Update default configuration for Pbkdf2PasswordEncoder

jgrandja · jgrandja · commit a173a7193571 · 2022-10-04T09:07:22.000-04:00
The recommended minimums for PBKDF2, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are: If FIPS-140 compliance is required, use PBKDF2 with a work factor of 310,000 or more and set with an internal hash function of HMAC-SHA-256. Previous default configuration: algorithm=SHA1, iterations=185000, hashLength=256 New default configuration: algorithm=SHA256, iterations=310000, hashLength=256 The default salt length was also updated from 8 to 16. Issue gh-10506
diff --git a/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java b/crypto/src/main/java/org/springframework/security/crypto/factory/PasswordEncoderFactories.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -71,7 +71,14 @@ public static PasswordEncoder createDelegatingPasswordEncoder() {
 		encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
 		encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
 		encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
-		encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
+
+		// Preserve the original settings for PBKDF2 for backwards compatibility.
+		// The default configuration has been updated to the recommended minimums.
+		// See gh-10506 Update PasswordEncoder Minimums
+		Pbkdf2PasswordEncoder pbkdf2PasswordEncoder = new Pbkdf2PasswordEncoder("", 8, 185000, 256);
+		pbkdf2PasswordEncoder.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1);
+		encoders.put("pbkdf2", pbkdf2PasswordEncoder);
+
 		encoders.put("scrypt", new SCryptPasswordEncoder());
 		encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
 		encoders.put("SHA-256",
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -50,11 +50,11 @@
  */
 public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 
-	private static final int DEFAULT_SALT_LENGTH = 8;
+	private static final int DEFAULT_SALT_LENGTH = 16;
 
 	private static final int DEFAULT_HASH_WIDTH = 256;
 
-	private static final int DEFAULT_ITERATIONS = 185000;
+	private static final int DEFAULT_ITERATIONS = 310000;
 
 	private final BytesKeyGenerator saltGenerator;
 
@@ -64,7 +64,7 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 
 	private final int iterations;
 
-	private String algorithm = SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1.name();
+	private String algorithm = SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256.name();
 
 	private boolean encodeHashAsBase64;
 
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@
 
 import java.util.Arrays;
 
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
 import org.springframework.security.crypto.codec.Hex;
@@ -28,11 +29,23 @@
 
 public class Pbkdf2PasswordEncoderTests {
 
-	private Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder("secret");
+	private Pbkdf2PasswordEncoder encoder;
 
-	private Pbkdf2PasswordEncoder encoderSalt16 = new Pbkdf2PasswordEncoder("", 16);
+	private Pbkdf2PasswordEncoder encoderSalt16;
 
-	private Pbkdf2PasswordEncoder[] encoders = new Pbkdf2PasswordEncoder[] { this.encoder, this.encoderSalt16 };
+	private Pbkdf2PasswordEncoder[] encoders;
+
+	@BeforeEach
+	public void setup() {
+		// Restore the original settings for PBKDF2 for backwards compatibility.
+		// The default configuration has been updated to the recommended minimums.
+		// See gh-10506 Update PasswordEncoder Minimums
+		this.encoder = new Pbkdf2PasswordEncoder("secret", 8, 185000, 256);
+		this.encoder.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1);
+		this.encoderSalt16 = new Pbkdf2PasswordEncoder("", 16, 185000, 256);
+		this.encoderSalt16.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1);
+		this.encoders = new Pbkdf2PasswordEncoder[] { this.encoder, this.encoderSalt16 };
+	}
 
 	@Test
 	public void encodedLengthSuccess() {
