GeneratePBKDFKey algorithms

apenhorwood · February 7, 2020, 12:59pm

I am in the process of revisiting all of my crypto / security routines which caused me to come upon the function GeneratePBKDFKey(). Currently only the algorithm PBKDF2WithHmacSHA1 is supported. I reviewed the code on github and the documentation. These two items are not in-sync. There are a number of other algorithms listed in the documentation.

PBKDF2WithSHA1
PBKDF2WithSHA224
PBKDF2WithSHA256
PBKDF2WithSHA384
PBKDF2WithSHA512

According to this ticket LDEV-256 the reason was the security provider did not support more algorithms.

My question is this still the case? Doesn’t Bouncy Castle handle most of these functions and offer other options like Argon2?

apenhorwood · February 7, 2020, 1:05pm

According to the Adobe ColdFusion docs for GeneratePBKDFKey CF11 supports a number of algorithms on standard and enterprise versions.

Zackster · February 7, 2020, 1:37pm

Can you file a new bug in jira and link it back to the old task, add the label acf-compat too?

Looks like bouncycastle needs updating too, current version is 1.52.0 from 2016, latest is 1.64.0, released October 7th 2019. https://www.bouncycastle.org/releasenotes.html

apenhorwood · February 7, 2020, 3:15pm

Tickets created:

[LDEV-2682] - Lucee - add Algorithms to GeneratePBKDFKey
https://luceeserver.atlassian.net/browse/LDEV-2683 - update Bouncy Castle