You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Certain realms store user credentials in memory. To limit exposure
to credential theft and mitigate credential compromise, the cache only stores
a hashed version of the user credentials in memory. By default, the user cache
is hashed with a salted sha-256 hash algorithm. You can use a different
hashing algorithm by setting the cache.hash_algo realm settings to any of the
following values:
Table 1. Cache hash algorithms
Algorithm
Description
ssha256
Uses a salted sha-256 algorithm (default).
md5
Uses MD5 algorithm.
sha1
Uses SHA1 algorithm.
bcrypt
Uses bcrypt algorithm with salt generated in 1024 rounds.
bcrypt4
Uses bcrypt algorithm with salt generated in 16 rounds.
bcrypt5
Uses bcrypt algorithm with salt generated in 32 rounds.
bcrypt6
Uses bcrypt algorithm with salt generated in 64 rounds.
bcrypt7
Uses bcrypt algorithm with salt generated in 128 rounds.
bcrypt8
Uses bcrypt algorithm with salt generated in 256 rounds.
bcrypt9
Uses bcrypt algorithm with salt generated in 512 rounds.
pbkdf2
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 10000 iterations.
pbkdf2_1000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 1000 iterations.
pbkdf2_10000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 10000 iterations.
pbkdf2_50000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 50000 iterations.
pbkdf2_100000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 100000 iterations.
pbkdf2_500000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 500000 iterations.
pbkdf2_1000000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 1000000 iterations.
noop,clear_text
Doesn’t hash the credentials and keeps it in clear text in
memory. CAUTION: keeping clear text is considered insecure
and can be compromised at the OS level (for example through
memory dumps and using ptrace).
Likewise, realms that store passwords hash them using cryptographically strong
and password-specific salt values. You can configure the algorithm for password
hashing by setting the xpack.security.authc.password_hashing.algorithm setting
to one of the following:
Table 2. Password hashing algorithms
Algorithm
Description
bcrypt
Uses bcrypt algorithm with salt generated in 1024 rounds. (default)
bcrypt4
Uses bcrypt algorithm with salt generated in 16 rounds.
bcrypt5
Uses bcrypt algorithm with salt generated in 32 rounds.
bcrypt6
Uses bcrypt algorithm with salt generated in 64 rounds.
bcrypt7
Uses bcrypt algorithm with salt generated in 128 rounds.
bcrypt8
Uses bcrypt algorithm with salt generated in 256 rounds.
bcrypt9
Uses bcrypt algorithm with salt generated in 512 rounds.
bcrypt10
Uses bcrypt algorithm with salt generated in 1024 rounds.
bcrypt11
Uses bcrypt algorithm with salt generated in 2048 rounds.
bcrypt12
Uses bcrypt algorithm with salt generated in 4096 rounds.
bcrypt13
Uses bcrypt algorithm with salt generated in 8192 rounds.
bcrypt14
Uses bcrypt algorithm with salt generated in 16384 rounds.
pbkdf2
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 10000 iterations.
pbkdf2_1000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 1000 iterations.
pbkdf2_10000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 10000 iterations.
pbkdf2_50000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 50000 iterations.
pbkdf2_100000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 100000 iterations.
pbkdf2_500000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 500000 iterations.
pbkdf2_1000000
Uses PBKDF2 key derivation function with HMAC-SHA512 as a
pseudorandom function using 1000000 iterations.