  1. Syncope
  2. SYNCOPE-100

Add more password encryption options

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.1.0
    • Component/s: None
    • Labels:

      Description

      It would be best to add other password mechanisms that include salting and stretching of passwords (see links).
      This would mean that an extra attribute has to be added to the user (salt) which can be used for that purpose.
      You would be able to keep the old ones for backward compatibility and include new ones which are a lot safer. Apparently PBKDF2 is considered a secure mechanism.

      Some reading material:
      https://www.owasp.org/index.php/Hashing_Java
      http://jerryorr.blogspot.be/2012/05/secure-password-storage-lots-of-donts.html
      http://throwingfire.com/storing-passwords-securely/

      Jasypt (http://www.jasypt.org/) provides all the things mentioned in the articles, such as hashing,
      salting and iteration out of the box, and is also AL 2.0 licensed.
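
The scheme the description asks for, as an added example that is not part of the original issue or of Syncope's code: PBKDF2 with a per-user salt, a legacy unsalted digest still accepted for backward compatibility, and records upgraded at login. The class name, the record format, the iteration count and the choice of SHA-1 as the legacy digest are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration: class name, record format and parameters are assumptions, not Syncope's code.
public class PasswordStore {
    static final int ITERATIONS = 100_000, KEY_BITS = 256, SALT_BYTES = 16;

    // New record "PBKDF2$<iterations>$<salt>$<hash>": the salt is the extra per-user attribute.
    static String hash(char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return "PBKDF2$" + ITERATIONS + "$" + b64(salt) + "$" + b64(pbkdf2(password, salt, ITERATIONS));
    }

    // Stretching: the iteration count is stored per record so it can be raised later.
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Legacy record "SHA1$<digest>": unsalted, single pass, kept only so existing users can log in.
    static String legacyHash(char[] password) throws Exception {
        byte[] pw = new String(password).getBytes(StandardCharsets.UTF_8);
        return "SHA1$" + b64(MessageDigest.getInstance("SHA-1").digest(pw));
    }

    static boolean verify(char[] password, String stored) throws Exception {
        String[] p = stored.split("\\$");
        if (p.length == 4 && p[0].equals("PBKDF2")) {
            byte[] actual = pbkdf2(password, Base64.getDecoder().decode(p[2]), Integer.parseInt(p[1]));
            return MessageDigest.isEqual(Base64.getDecoder().decode(p[3]), actual); // constant-time compare
        }
        return p.length == 2 && p[0].equals("SHA1") && MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), legacyHash(password).getBytes(StandardCharsets.UTF_8));
    }

    static String b64(byte[] b) { return Base64.getEncoder().encodeToString(b); }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse".toCharArray();        // constructed sample password
        String stored = legacyHash(pw);                     // record written before the change
        if (verify(pw, stored) && !stored.startsWith("PBKDF2$")) stored = hash(pw); // upgrade on login
        System.out.println(stored.startsWith("PBKDF2$") && verify(pw, stored));
        System.out.println(verify("wrong".toCharArray(), stored));
    }
}
```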

              People

              • Assignee: fmartelli fabio martelli
              • Reporter: ilgrosso Francesco Chicchiriccò