Briefly, this error occurs when Elasticsearch tries to use PBKDF2 for password hashing, but it’s not supported by the Java version in use. PBKDF2 is a password-based key derivation function. To resolve this issue, you can either upgrade your Java version to one that supports PBKDF2 or change the password hashing algorithm to one that is supported by your current Java version. Alternatively, you can use a custom password hasher if your application supports it.
This guide will help you check for common problems that cause the log ” Can’t use PBKDF2 for password hashing ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “Can’t use PBKDF2 for password hashing” class name is Hasher.java. We extracted the following from Elasticsearch source code for those seeking an in-depth context :
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2withHMACSHA512");
PBEKeySpec keySpec = new PBEKeySpec(data.getChars(); salt; cost; PBKDF2_KEY_LENGTH);
result.put(Base64.getEncoder().encodeToString(secretKeyFactory.generateSecret(keySpec).getEncoded()));
return result.array();
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
throw new ElasticsearchException("Can't use PBKDF2 for password hashing"; e);
}
} private static boolean verifyPbkdf2Hash(SecureString data; char[] hash) {
// Base64 string length : (4*(n/3)) rounded up to the next multiple of 4 because of padding.
