Hi All,
We would like to ask if Nexus is using the PBKDF2 password hashing algorithm to hash locally stored passwords in the database. We are asking this as we are required to comply with IM8.
Thanks in advance.
Hi @Zin and welcome! Nexus Repository Manager 3 uses the Apache Shiro library, which uses SHA512 hashing along with 1024 iterations and a random salt to ensure a secure hash.
Hi @mfrost, thank you for the reply! I just wanted to understand the Apache Shiro library better. Does the library/Nexus use PBKDF2 specifically to hash the passwords, or what algorithm is being used as an equivalent for hashing?
@Zin The algorithm is 1024 iterations of SHA512 and a random salt. If you look it up, it may be a way of doing PBKDF2, though not explicitly.
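
For a compliance check against a PBKDF2 requirement, the following added example (not code from Nexus, Shiro, or any poster in this thread) computes "1024 iterations of SHA512 and a random salt" next to PBKDF2-HMAC-SHA512 with the same salt and iteration count, so the two outputs can be compared. The iterated construction shown (salt prepended to the password, each later round hashing the previous digest) is an assumption about what that description means; the password and salt are constructed sample values.

```python
import hashlib
import hmac
import os

ITERATIONS = 1024  # iteration count quoted in the thread


def iterated_sha512(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted SHA-512 re-hashed until `iterations` digests have been computed.

    Assumption: the salt is fed before the password, and every later round
    hashes only the previous digest (no HMAC, no per-round salt or password).
    """
    digest = hashlib.sha512(salt + password).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha512(digest).digest()
    return digest


def pbkdf2_sha512(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2 (RFC 8018) with HMAC-SHA512 as the PRF, 64-byte output."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations)


def verify(candidate: bytes, salt: bytes, stored: bytes, kdf) -> bool:
    """Recompute with the given function and compare in constant time."""
    return hmac.compare_digest(kdf(candidate, salt), stored)


def compare(password: bytes, salt: bytes) -> dict:
    """Return both digests (hex) and whether they are byte-identical."""
    a = iterated_sha512(password, salt)
    b = pbkdf2_sha512(password, salt)
    return {"iterated": a.hex(), "pbkdf2": b.hex(),
            "same_output": hmac.compare_digest(a, b)}


if __name__ == "__main__":
    salt = os.urandom(16)                       # constructed random salt
    password = b"constructed-sample-password"   # constructed sample input
    result = compare(password, salt)
    print("iterated SHA-512 :", result["iterated"][:32], "...")
    print("PBKDF2-HMAC-SHA512:", result["pbkdf2"][:32], "...")
    print("identical output  :", result["same_output"])
```

A hash stored by one function will not verify under the other, so an audit that requires PBKDF2 by name should confirm which construction the product's stored hashes actually use.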