Configurable salt length

[res13]

Is your feature request related to a problem? Please describe.
In a situation where there are different remote java repositories for the same company, I would like to standardize all the password hashing algorithms among them. My goal is that all of them use password4j. I manage the property file (psw4j.properties) and they manage their code. Currently, the salt length can only be changed via code (not via properties), which can lead to inconsistencies between repositories.

Describe the solution you'd like
I would like to be able to have the salt length a configurable property like global.salt.length=16 which is used in the class SaltGenerator.

Describe alternatives you've considered

• I could use the default (hardcoded) length of 64 but that is a bit too long for my taste.
• I would need to make sure that each remote dev team uses the same length by clear communication and in-depth code review (which is a lot more work for me).

Additional context
great library by the way, huge fan!

[firaja]

Hello @res13,

I put this request in the roadmap for 1.6.4.

If you want you can create a pull request with that feature. I will be happy to review it.
If you need help you can ask here, but you can follow what has been done for PepperGenerator#get().

[ishu-thakur]

Hi @firaja , I would like to work on this issue .

[firaja]

@ishu-thakur assigned.

Remember to check code coverage produced by jacoco.

[ishu-thakur]

Hi @firaja i have raised the PR .Please go through it and if any changes required in it , i will be happy to do it :)

[ishu-thakur]

Hi @firaja I have debugged the code and i found that while running mvn -X clean test there are two testcase failures in the com.password4j.PasswordTest

1. testBanner2 = java.lang.AssertionError.
2. testGenericUpdate1 = java.lang.UnsupportedOperationException: PBKDF2WithHmacSHA256 is not a valid algorithm.
   But the weird thing is when I'm running passwordTest test class separately then all testcases passed .

[firaja]

@ishu-thakur Can you please open a new issue with the full stack trace of both failing tests?
Also details about your environment (OS, Java version, etc.) will be very appreciated, thank you.

We will discuss the problem in a different thread so this can be closed once you push the changes requested in PR #98

[firaja]

Hi @res13
The feature will be deployed within the next release (1.7.0).
If you want to use it before the release you can use the version in master branch.

[firaja]

@res13 the feature is public under version 1.7.0.

You can use global.salt.length to define the length of salts.