# Java security links

# Password Based Encryption support

Specifications: defined in RFC 2898 from RSA Labs (PKCS #5)

See this example

Password security management:

NEVER save a cleartext password anywhere. We save only the password hash, salted via the PBE mechanism.

Cf. this thread by an expert

PBE explanation

Oracle Doc

Good practices:

# Message digest (Hash) support

Check this

# JRE config on deployment

Don't forget that usable key length is restricted by default on EVERY JDK

NIST recommendations