incubator-jspwiki-dev mailing list archives

From "Janne Jalkanen (JIRA)" <j...@apache.org>
Subject [jira] Created: (JSPWIKI-20) Password hash should be salted
Date Sun, 04 Nov 2007 19:37:50 GMT
Password hash should be salted
------------------------------

                 Key: JSPWIKI-20
                 URL: https://issues.apache.org/jira/browse/JSPWIKI-20
             Project: JSPWiki
          Issue Type: Improvement
          Components: Security
    Affects Versions: 2.5.139-beta
            Reporter: Janne Jalkanen


The password hash is calculated as a direct SHA1-digest of the password.  Unfortunately this
means that it's vulnerable to brute-force attacks - there are many web sites which store SHA1
hashes of common passwords.  The key space in most languages is pretty small... So the password
should really be properly salted with preferably a long, random string.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
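
The difference the issue describes, as an added example (not JSPWiki code or part of the original message): an unsalted SHA-1 digest is identical for every user with the same password and so matches precomputed tables, while a per-user random salt makes each stored value unique. The class name `SaltedHashDemo`, the 16-byte salt length and the `salt:digest` Base64 storage format are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltedHashDemo {                      // hypothetical class name
    private static final SecureRandom RNG = new SecureRandom();
    private static final int SALT_BYTES = 16;      // assumed salt length

    // Behaviour described in the issue: SHA-1 over the password alone.
    static String unsalted(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        return Base64.getEncoder().encodeToString(md.digest(password.getBytes(StandardCharsets.UTF_8)));
    }

    // Proposed behaviour: SHA-1 over salt || password, stored as "salt:digest" (assumed format).
    static String salted(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(salt);
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(digest);
    }

    // Create a stored record with a fresh random salt for each user.
    static String newRecord(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        return salted(password, salt);
    }

    // Recompute with the stored salt and compare without an early exit on mismatch.
    static boolean verify(String password, String record) throws NoSuchAlgorithmException {
        int sep = record.indexOf(':');
        if (sep < 0) return false;                  // malformed record
        byte[] salt;
        try { salt = Base64.getDecoder().decode(record.substring(0, sep)); }
        catch (IllegalArgumentException e) { return false; }
        byte[] expected = salted(password, salt).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, record.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String pw = "letmein";                      // constructed sample password shared by two users
        System.out.println("unsalted values equal: " + unsalted(pw).equals(unsalted(pw)));
        String a = newRecord(pw), b = newRecord(pw);
        System.out.println("salted records equal:  " + a.equals(b));
        System.out.println("both records verify:   " + (verify(pw, a) && verify(pw, b)));
        System.out.println("wrong password passes: " + verify("wrong", a));
    }
}
```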

