Briefly, this error occurs when the salt length used in the PBKDF2 (Password-Based Key Derivation Function 2) hashing algorithm is less than the minimum required length. The salt is a random value that’s used to prevent pre-computed rainbow table attacks. To resolve this issue, you should ensure that the salt length is at least the minimum required length. You can do this by generating a longer random value for the salt or by adjusting your code to meet the minimum salt length requirement.
This guide will help you check for common problems that cause the log ” PBKDF2 salt must be at least [” + PBKDF2_MIN_SALT_LENGTH_IN_BYTES + ” bytes] long ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin, long.
Log Context
Log “PBKDF2 salt must be at least [” + PBKDF2_MIN_SALT_LENGTH_IN_BYTES + ” bytes] long” class name is Hasher.java. We extracted the following from Elasticsearch source code for those seeking an in-depth context :
"PBKDF2 key length must be positive and multiple of [" + HMAC_SHA512_BLOCK_SIZE_IN_BITS + " bits]"
);
}
final byte[] saltBytes = Base64.getDecoder().decode(CharArrays.toUtf8Bytes(saltChars));
if (saltBytes.length < PBKDF2_MIN_SALT_LENGTH_IN_BYTES) {
throw new ElasticsearchException("PBKDF2 salt must be at least [" + PBKDF2_MIN_SALT_LENGTH_IN_BYTES + " bytes] long");
}
char[] computedPwdHash = null;
try {
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2withHMACSHA512");
PBEKeySpec keySpec = new PBEKeySpec(data.getChars(); saltBytes; iterations; keyLength);
