Scrypt Password Storage Scheme

Synopsis

Indicates whether the Password Storage Scheme is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Synopsis

Indicates whether the server should rehash passwords after the cost has been changed.

Description

Passwords will be rehashed when a user successfully authenticates. Note that rehashing will increase the write load on the server.

Default value

never

Allowed values

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

Synopsis

The block size for the digest in bytes that will be used to encode passwords.

Description

The value must be greater than or equal to one. The amount of memory that will be temporarily consumed in the course of generating the password is 128*2^N*r bytes, where "N" represents the CPU/memory cost factor exponent and "r" represents the configured block size. The Scrypt Password Storage Scheme will not permit the total memory consumption per password encoding to exceed the scrypt-memory-pool-size.

Default value

8

Allowed values

An integer.

Lower limit: 1.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

Synopsis

The power of 2 (ie exponent) used for the CPU/memory cost factor.

Description

The value must be less than (128*r/8), where "r" represents the configured block size. The amount of memory that will be consumed in the course of generating the password is (128*2^N*r) bytes, where "N" represents the CPU/memory cost factor exponent and "r" represents the configured block size. The Scrypt Password Storage Scheme will not permit the total memory consumption per password encoding to exceed the scrypt-memory-pool-size.

Default value

14

Allowed values

An integer.

Lower limit: 1.

Upper limit: 30.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

Synopsis

The number of times that scrypt has to perform the entire encoding process to produce the final result.

Description

The amount of processing required to encode a password increases linearly with the value of this parameter. If an attacker uses an scrypt implementation that supports the use of multiple threads to perform multiple encodings in parallel, then it also linearly increases the amount of memory required.

Default value

1

Allowed values

An integer.

Lower limit: 1.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

Synopsis

Specifies the fully-qualified name of the Java class that provides the Scrypt Password Storage Scheme implementation.

Default value

org.opends.server.extensions.ScryptPasswordStorageScheme

Allowed values

A Java class that extends or implements:

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

Yes

Read-only

No

Synopsis

The amount of memory dedicated to scrypt password hashing.

Description

This amount of memory places an upper limit on the number of scrypt password hashes which can be computed concurrently. Every bind request using scrypt password hashing will acquire memory from this pool, and release it once computation has completed. When the pool is empty, incoming bind requests using scrypt will be paused, waiting for concurrent scrypt computation to finish and return memory to the pool.

Default value

36 mb

Allowed values

Uses size syntax.

Upper limit: 400000000.

Multi-valued

No

Required

No

Admin action required

Restart the server for changes to take effect.

Advanced

Yes

Read-only

No