db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4483) Provide a way to change the hash algorithm used by BUILTIN authentication
Date Mon, 21 Dec 2009 09:20:18 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12793125#action_12793125
] 

Knut Anders Hatlen commented on DERBY-4483:
-------------------------------------------

One possibility for allowing changing hash algorithm at runtime, is to store the name of the
algorithm along with the hash. Something like

  sha256:ad6f438f529e021f62b3c97be2b34c3b73dd444334de08fcaa7f54fd302fb92d
  md5:3865ab6a65c2d5a3be1733b4408d7b74
  ...

Then, when you change the algorithm, you'll only use the new algorithm for passwords created/updated
after the change, and the authentication service would know which hash algorithm to use for
each user. If no algorithm name is specified, we could fall back to the SHA-1 algorithm to
stay compatible with old databases.

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
>                 Key: DERBY-4483
>                 URL: https://issues.apache.org/jira/browse/DERBY-4483
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.5.3.0
>            Reporter: Knut Anders Hatlen
>            Priority: Minor
>
> The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1
algorithm. It would be nice to have way to specify a different algorithm so that users can
take advantage of new, stronger algorithms provided by their JCE provider if so desired.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message