Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-1532

JPAUser database field too short for SHA-512 password hashes

    XMLWordPrintableJSON

    Details

      Description

      The configuration supports setting the hash algorithm for user passwords to SHA-512. However SHA-512 hashes cannot be stored in the JPA user repository, because the field is too short.
      http://svn.apache.org/repos/asf/james/server/trunk/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java sets the field length to 100:
      /** Hashed password */
      @Basic
      @Column(name = "PASSWORD", nullable = false, length = 100)
      private String password;

      The password hashes are hex encoded before they are stored to the database, so SHA-512 hashes take up (512/8)*2 = 128 characters.

        Attachments

          Activity

            People

            • Assignee:
              eric@apache.org Eric Charles
              Reporter:
              stacke Sebastian Tacke
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: