Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Description

The Digizuite™ DAM Center stores user passwords using a FIPS & NIST compliant Password Hashing algorithm by default.
The underlying key derivation function introduces "workfactor" and "pepper" variables.
Out of the box, these variables may be specified in the web.config of the Dmm3BWSV3 service.

...

Note: 
Specifying high Workfactor and / or Pepper does not invalidate general best practices regarding password length and complexity!

Configuration

By default, you can specify password hashing configuration in the Dmm3BWSV3 web.config file.
You do not have to setup this configuration as it would default to the above values. However if you specify this section, the "workfactor" attribute is required, the pepper is not. 
 

...