ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OFBIZ-9150) Create a tool to hashes all our OOTB passwords using PBKDF2_SHA512
Date Sun, 18 Dec 2016 17:46:58 GMT
Jacques Le Roux created OFBIZ-9150:
--------------------------------------

             Summary: Create a tool to hashes all our OOTB passwords using PBKDF2_SHA512
                 Key: OFBIZ-9150
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9150
             Project: OFBiz
          Issue Type: Sub-task
          Components: framework
            Reporter: Jacques Le Roux
            Priority: Minor


Currently we use SHA1 for our OOTB passwords hashes and they are not salted.  If you create
new passwords they will still use SHA1 but they will be salted, which is good.

But we should better provide SHA-512 OOTB hashes instead of SHA-1. And use SHA-512 as default
encrypting method (even for fields), with at least 10 000 iterations, to lead our users to
the best solution.

We should also provide a simple and easy documentation about that. So far we have this discussion
http://markmail.org/message/yqybsqzigrqbyxgf
I suggest to improve/enhance https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deployment



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message