Home / Companies / FusionAuth / Blog / Post Details
Content Deep Dive

Understanding the ForgeRock Password Storage Scheme

Blog post from FusionAuth

Post Details
Company
Date Published
Author
Mark Robustelli
Word Count
1,543
Company Posts That Month
4
Language
English
Hacker News Points
2
Post removed?
No
Summary

Migrating user authentication from ForgeRock to another platform without knowing users' passwords involves transferring password hashes, salts, and the number of hashing iterations. Password hashing is a process where a string is transformed using an algorithm to produce a hash, which, when secure, is not reversible to its original form. Hashing functions like SHA-256, PBKDF2, and Bcrypt are commonly used, and the addition of a salt ensures unique hashes for identical passwords. Iterations refer to the repeated application of the hashing algorithm, enhancing security by slowing down potential attackers. ForgeRock uses PBKDF2-HMAC-SHA256 for hashing, storing the hash and salt in a base64 encoded format. By understanding and decoding this format, it is possible to obtain the necessary components to recreate the same hash in a new system, allowing seamless user migration without password resets.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.