syncope-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: [DISCUSS] - Change default password algorithm for 2.1.0
Date Fri, 14 Jul 2017 09:40:26 GMT
I guess SHA-256 would be a straightforward replacement. Maybe we should
instead move to a salted hash though?

Colm.

On Fri, Jul 14, 2017 at 9:52 AM, Francesco Chicchiriccò <ilgrosso@apache.org> wrote:

> On 14/07/2017 10:48, Colm O hEigeartaigh wrote:
>
>> Should we change the default password algorithm from SHA1 for 2.1.0? It's
>> probably time to migrate from SHA1 IMO.
>>
>
> Makes sense.
> The only problem I could see is when pulling hashed password values from
> LDAP, where SHA1 is still quite common. Not a big deal, anyway.
>
> Which algorithm do you propose?
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
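
Added example, not part of the original message and not Syncope code: a verifier that still accepts the SHA1 values commonly pulled from LDAP while re-encoding each password under a salted default at the next successful login. The `{SHA}`/`{SSHA}` layout (tag + base64 of digest followed by salt) is the usual LDAP one; the `{SHA256}`/`{SSHA256}` tags, the function names and the sample password are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import os

# scheme tag -> (hashlib algorithm, digest length in bytes, salted?)
SCHEMES = {
    "{SHA}": ("sha1", 20, False),
    "{SSHA}": ("sha1", 20, True),
    "{SHA256}": ("sha256", 32, False),      # assumed tag name
    "{SSHA256}": ("sha256", 32, True),      # assumed tag name
}

def encode(scheme, password, salt=None):
    """Return an LDAP-style value: tag + base64(digest [+ salt])."""
    alg, _, salted = SCHEMES[scheme]
    salt = (salt if salt is not None else os.urandom(16)) if salted else b""
    digest = hashlib.new(alg, password.encode("utf-8") + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")

def verify(stored, password):
    """Check a password against a stored value in any known scheme."""
    scheme, sep, b64 = stored.partition("}")
    entry = SCHEMES.get(scheme + sep)
    if entry is None:
        return False                        # unknown or missing scheme tag
    alg, dlen, salted = entry
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False                        # malformed base64
    digest, salt = raw[:dlen], raw[dlen:]   # salt is whatever follows the digest
    if len(digest) != dlen or (salt and not salted):
        return False
    candidate = hashlib.new(alg, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def login(stored, password, default="{SSHA256}"):
    """Verify; on success re-encode under the default scheme if needed."""
    if not verify(stored, password):
        return False, stored
    if stored.startswith(default):
        return True, stored
    return True, encode(default, password)  # caller persists the new value

# Constructed sample: two LDAP entries whose users chose the same password.
PULLED = {name: encode("{SHA}", "Winter2017") for name in ("alice", "bob")}
```

Because the pulled `{SHA}` values are unsalted, the two entries in `PULLED` are byte-for-byte identical, while each value returned by `login` carries its own random salt.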
