How to Specify a Digest Salt

Cúram doesn't specify a salt out-of-the-box, but specifying one for digested passwords provides an additional level of protection against brute-force attacks.

To specify a salt for your digested passwords:

  1. Choose a sufficiently long and random string.
  2. Encrypt this string using the Ant encrypt target (as documented in the Cúram Server Developer's Guide).
  3. Place the encrypted string in a file.
  4. Specify the location of the file containing the encrypted salt string using the curam.security.crypto.digest.salt.location property in CryptoConfig.properties. Ensure that any deployed CryptoConfig.jar files reflect the updated settings.
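
A check to run once the four steps are done, as an added example rather than Cúram's own tooling: it generates a candidate salt for step 1 and verifies that the property points at a non-empty file that does not hold the plaintext salt. It assumes the property value is a filesystem path readable where the script runs; new_salt, read_props, check_salt_config, the 32-byte length and the permission check are choices made here, and step 2 is still done with the Ant encrypt target.

```python
import os
import secrets
import stat
import sys

SALT_PROP = "curam.security.crypto.digest.salt.location"  # property named on the page

def new_salt(nbytes=32):
    """Step 1: random string from the OS CSPRNG (32 bytes is an assumed length)."""
    return secrets.token_urlsafe(nbytes)

def read_props(path):
    """Minimal .properties reader (key=value or key:value); no line continuations."""
    props = {}
    with open(path, encoding="iso-8859-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#!":
                continue
            seps = [i for i in (line.find("="), line.find(":")) if i > 0]
            if seps:
                cut = min(seps)
                props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def check_salt_config(props_path, plaintext_salt=None):
    """Return a list of problems; an empty list means every check passed."""
    location = read_props(props_path).get(SALT_PROP)
    if not location:
        return [f"{SALT_PROP} is not set"]
    if not os.path.isfile(location):  # assumption: the value is a filesystem path
        return [f"salt file not found: {location}"]
    with open(location, encoding="utf-8", errors="replace") as fh:
        content = fh.read().strip()
    problems = []
    if not content:
        problems.append("salt file is empty")
    if plaintext_salt and plaintext_salt in content:
        problems.append("salt file holds the plaintext salt, not the encrypted string")
    # Added hardening check, not a documented Cúram requirement.
    if os.name == "posix" and os.stat(location).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("salt file is accessible to group/other")
    return problems

if __name__ == "__main__":
    if len(sys.argv) > 1:   # argument: path to CryptoConfig.properties
        print(check_salt_config(sys.argv[1]) or "OK")
    else:                   # no argument: print a candidate salt for step 1
        print(new_salt())
```

Passing the plaintext salt as the second argument of check_salt_config catches the case where step 2 was skipped and the unencrypted string was placed in the file.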

For manageability, you should make these changes in conjunction with the steps in How to Utilize the Superseded Digest Settings for a Period of Migration.