Syncope
  1. Syncope
  2. SYNCOPE-51

Remove MD5 as a supported password cipher algorithm

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.1.0
    • Component/s: None
    • Labels:
      None

      Description


      MD5 is currently used as the default password cipher algorithm. We should remove the ability to use MD5 and switch to using a more secure alternative.

      1. syncopeIssue51.patch
        46 kB
        Massimiliano Perrone

        Issue Links

          Activity

          Colm O hEigeartaigh created issue -
          Colm O hEigeartaigh made changes -
          Field Original Value New Value
          Assignee Colm O hEigeartaigh [ coheigea ]
          Colm O hEigeartaigh made changes -
          Assignee Colm O hEigeartaigh [ coheigea ]
          Francesco Chicchiriccò made changes -
          Link This issue relates to SYNCOPE-100 [ SYNCOPE-100 ]
          Francesco Chicchiriccò made changes -
          Fix Version/s 1.1.0-incubating [ 12322504 ]
          Massimiliano Perrone made changes -
          Assignee Massimiliano Perrone [ massi ]
          Hide
          Massimiliano Perrone added a comment -

          Please review patch

          Show
          Massimiliano Perrone added a comment - Please review patch
          Massimiliano Perrone made changes -
          Attachment syncopeIssue51.patch [ 12543275 ]
          Hide
          Bob Lannoy added a comment -

          in my proposed patch for Syncope-100 (https://issues.apache.org/jira/browse/SYNCOPE-100) I've proposed a configurable algorithm for the admin password like you can for users.

          Show
          Bob Lannoy added a comment - in my proposed patch for Syncope-100 ( https://issues.apache.org/jira/browse/SYNCOPE-100 ) I've proposed a configurable algorithm for the admin password like you can for users.
          Hide
          fabio martelli added a comment -

          Merged with SYNCOPE-100 and applied.

          Show
          fabio martelli added a comment - Merged with SYNCOPE-100 and applied.
          fabio martelli made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Hide
          Hudson added a comment -

          Integrated in Syncope-linux #264 (See https://builds.apache.org/job/Syncope-linux/264/)
          Fixes issue SYNCOPE-51 and SYNCOPE-100 special thanks to Bob and Massimiliano (Revision 1380190)

          Result = SUCCESS
          fmartelli :
          Files :

          • /incubator/syncope/trunk/archetype/src/main/resources/archetype-resources/core/src/main/resources
          • /incubator/syncope/trunk/archetype/src/main/resources/archetype-resources/core/src/main/resources/security.properties
          • /incubator/syncope/trunk/archetype/src/main/resources/archetype-resources/core/src/test/resources/security.properties
          • /incubator/syncope/trunk/client/src/main/java/org/apache/syncope/types/CipherAlgorithm.java
          • /incubator/syncope/trunk/core/pom.xml
          • /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
          • /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
          • /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/EncodePasswordCLI.java
          • /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/PasswordEncoder.java
          • /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java
          • /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/workflow/NoOpUserWorkflowAdapter.java
          • /incubator/syncope/trunk/core/src/main/resources/content.xml
          • /incubator/syncope/trunk/core/src/main/resources/security.properties
          • /incubator/syncope/trunk/core/src/main/resources/securityContext.xml
          • /incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java
          • /incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/security
          • /incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/security/PasswordEncoderTest.java
          • /incubator/syncope/trunk/core/src/test/resources/content.xml
          • /incubator/syncope/trunk/core/src/test/resources/security.properties
          • /incubator/syncope/trunk/pom.xml
          Show
          Hudson added a comment - Integrated in Syncope-linux #264 (See https://builds.apache.org/job/Syncope-linux/264/ ) Fixes issue SYNCOPE-51 and SYNCOPE-100 special thanks to Bob and Massimiliano (Revision 1380190) Result = SUCCESS fmartelli : Files : /incubator/syncope/trunk/archetype/src/main/resources/archetype-resources/core/src/main/resources /incubator/syncope/trunk/archetype/src/main/resources/archetype-resources/core/src/main/resources/security.properties /incubator/syncope/trunk/archetype/src/main/resources/archetype-resources/core/src/test/resources/security.properties /incubator/syncope/trunk/client/src/main/java/org/apache/syncope/types/CipherAlgorithm.java /incubator/syncope/trunk/core/pom.xml /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/EncodePasswordCLI.java /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/PasswordEncoder.java /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java /incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/workflow/NoOpUserWorkflowAdapter.java /incubator/syncope/trunk/core/src/main/resources/content.xml /incubator/syncope/trunk/core/src/main/resources/security.properties /incubator/syncope/trunk/core/src/main/resources/securityContext.xml /incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java /incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/security /incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/security/PasswordEncoderTest.java /incubator/syncope/trunk/core/src/test/resources/content.xml /incubator/syncope/trunk/core/src/test/resources/security.properties /incubator/syncope/trunk/pom.xml
          Hide
          Francesco Chicchiriccò added a comment -

          Bulk close for 1.1.0

          Show
          Francesco Chicchiriccò added a comment - Bulk close for 1.1.0
          Francesco Chicchiriccò made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Resolved Resolved
          157d 21h 35m 1 fabio martelli 03/Sep/12 11:25
          Resolved Resolved Closed Closed
          213d 3h 37m 1 Francesco Chicchiriccò 04/Apr/13 15:02

            People

            • Assignee:
              Massimiliano Perrone
              Reporter:
              Colm O hEigeartaigh
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development