Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-1677

Upgrade the users hashing algorithm type

    Details

      Description

      User data models use different hashing algorithms:
      JPA -> MD5
      JDBC -> SHA
      Cassandra -> SHA1
      HBase -> MD5
      Memory -> MD5
      JCR -> MD5

      There are lots of hashing discussions such as http://stackoverflow.com/questions/20186354/best-practice-of-hashing-passwords/20186472#20186472
      https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
      https://en.wikipedia.org/wiki/SHA-2
      http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

      I offer SHA-256 for all user data models.

      P.S: Not exactly related but Google Chrome does not allow SHA1 at next year.
      http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              akaplan Ahmet Kaplan
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: