[JAMES-1677] Upgrade the users hashing algorithm type - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: UsersStore & UsersRepository
Labels:
- easyfix
- security

Description

User data models use different hashing algorithms:
JPA -> MD5
JDBC -> SHA
Cassandra -> SHA1
HBase -> MD5
Memory -> MD5
JCR -> MD5

There are lots of hashing discussions such as http://stackoverflow.com/questions/20186354/best-practice-of-hashing-passwords/20186472#20186472
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
https://en.wikipedia.org/wiki/SHA-2
http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

I offer SHA-256 for all user data models.

P.S: Not exactly related but Google Chrome does not allow SHA1 at next year.
http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Ahmet Kaplan

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 28/Jan/16 19:44

Updated:: 09/Oct/20 10:45

Resolved:: 09/Oct/20 10:45