ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "wangjunyuan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-9150) Create a tool to hashes all our OOTB passwords using PBKDF2_SHA512
Date Mon, 19 Dec 2016 07:31:59 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-9150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15760451#comment-15760451
] 

wangjunyuan commented on OFBIZ-9150:
------------------------------------

I would like to continue this task,I will submit this patch at the end of the month before.


> Create a tool to hashes all our OOTB passwords using PBKDF2_SHA512
> ------------------------------------------------------------------
>
>                 Key: OFBIZ-9150
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9150
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>            Reporter: Jacques Le Roux
>            Priority: Minor
>
> Currently we use SHA1 for our OOTB passwords hashes and they are not salted.  If you
create new passwords they will still use SHA1 but they will be salted, which is good.
> But we should better provide SHA-512 OOTB hashes instead of SHA-1. And use SHA-512 as
default encrypting method (even for fields), with at least 10 000 iterations, to lead our
users to the best solution.
> We should also provide a simple and easy documentation about that. So far we have this
discussion http://markmail.org/message/yqybsqzigrqbyxgf
> I suggest to improve/enhance https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deployment



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message