Keycloak Password Handling

atb-brown · March 31, 2021, 3:22pm

I’m trying to figure out how Keycloak handles/stores passwords. I’m glad to look through documentation, but in my searching I haven’t found anything that addresses this yet.

I have two primary questions about how Keycloak password handling.

Is Keycloak hashing passwords?
Is Keycloak salting passwords?

And if Keycloak is not salting passwords, is there a recommended way to do our own salting? The only thing I can think to do currently would be to set up a database just to store salt, but that would be a lot of work just to store a salt.

xgp · April 1, 2021, 7:09pm

Yes. Keycloak hashes and salts.

atb-brown · April 1, 2021, 9:15pm

Great. Thank you! Do you know where that might be documented?

dasniko · April 1, 2021, 10:05pm

The built-in algo is PBKDF2 and default hash iterations is 20.000.
See also here:

xgp · April 1, 2021, 11:55pm

And the implementation is here keycloak/Pbkdf2PasswordHashProvider.java at master · keycloak/keycloak · GitHub

Topic		Replies	Views
Hashing algorithm Versions authentication	1	107	December 18, 2023
Keycloak migrating hashed passwords Tips and tricks	0	64	March 20, 2024
Is it possible to use KeyCloak as a remote connection manager DB?	0	516	May 8, 2022
Does Keycloak create and handle user keys? Securing applications authentication	0	263	August 10, 2022
Is there any way to retrieve the password in keycloak Getting advice	2	300	March 3, 2023

Keycloak Password Handling

Related Topics