Interface BcryptPasswordStorageSchemeCfg

  • All Superinterfaces:
    Configuration, PasswordStorageSchemeCfg

    public interface BcryptPasswordStorageSchemeCfg
    extends PasswordStorageSchemeCfg
    A server-side interface for querying Bcrypt Password Storage Scheme settings.

    The Bcrypt Password Storage Scheme provides a mechanism for encoding user passwords using the bcrypt message digest algorithm.

    • Method Detail

      • addBcryptChangeListener

        void addBcryptChangeListener​(ConfigurationChangeListener<BcryptPasswordStorageSchemeCfg> listener)
        Register to be notified when this Bcrypt Password Storage Scheme is changed.
        Parameters:
        listener - The Bcrypt Password Storage Scheme configuration change listener.
      • removeBcryptChangeListener

        void removeBcryptChangeListener​(ConfigurationChangeListener<BcryptPasswordStorageSchemeCfg> listener)
        Deregister an existing Bcrypt Password Storage Scheme configuration change listener.
        Parameters:
        listener - The Bcrypt Password Storage Scheme configuration change listener.
      • getBcryptCost

        int getBcryptCost()
        Gets the "bcrypt-cost" property.

        The cost parameter specifies a key expansion iteration count as a power of two. A default value of 12 (2^12 iterations) is considered in 2016 as a reasonable balance between responsiveness and security for regular users.

        By default, changes to this setting impact only newly created and updated passwords. However, if the rehash-policy is set to always or only-increase, it causes the server to recalculate each user's password hash on their next authentication, and write the new hash to the user's entry on disk. Changing the number of iterations therefore leads to a short-term spike in CPU and disk use as the server updates each user's password when they next authenticate. Longer term, increasing this settings results in more secure passwords at the expense of longer response times and lower throughput.

        Default value: 12

        Returns:
        Returns the value of the "bcrypt-cost" property.
      • getJavaClass

        String getJavaClass()
        Gets the "java-class" property.

        Specifies the fully-qualified name of the Java class that provides the Bcrypt Password Storage Scheme implementation.

        Default value: org.opends.server.extensions.BcryptPasswordStorageScheme

        Specified by:
        getJavaClass in interface PasswordStorageSchemeCfg
        Returns:
        Returns the value of the "java-class" property.
      • getRehashPolicy

        BcryptPasswordStorageSchemeCfgDefn.RehashPolicy getRehashPolicy()
        Gets the "rehash-policy" property.

        Indicates whether the server should rehash passwords after the cost has been changed.

        Passwords will be rehashed when a user successfully authenticates. Note that rehashing will increase the write load on the server.

        Default value: never

        Returns:
        Returns the value of the "rehash-policy" property.