syncope-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: [DISCUSS] - Change default password algorithm for 2.1.0
Date Fri, 14 Jul 2017 09:54:49 GMT
OK thanks. Well I'd say that "SSHA256" would be best, WDYT?

BTW I'm a bit dubious about "SECRET_KEY = DEFAULT_SECRET_KEY;" in
Encryptor. If SECRET_KEY is null we should probably throw an exception...

Colm.

On Fri, Jul 14, 2017 at 10:48 AM, Francesco Chicchiriccò <
ilgrosso@apache.org> wrote:

> On 14/07/2017 11:45, Colm O hEigeartaigh wrote:
>
>> How does the salt configuration work for "SSHA256"? Is it stored in
>> security.properties?
>>
>
> Password values are encrypted by
>
> https://github.com/apache/syncope/blob/master/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
>
> with configuration from security.properties
>
> Regards.
>
> On Fri, Jul 14, 2017 at 10:41 AM, Francesco Chicchiriccò <
>> ilgrosso@apache.org> wrote:
>>
>> On 14/07/2017 11:40, Colm O hEigeartaigh wrote:
>>>
>>> I guess SHA-256 would be a straightforward replacement. Maybe we should
>>>> instead move to a salted hash though?
>>>>
>>>> Well, just set your preference among
>>>
>>> https://github.com/apache/syncope/blob/master/common/lib/src/main/java/org/apache/syncope/common/lib/types/CipherAlgorithm.java
>>>
>>> :-)
>>>
>>> Regards.
>>>
>>>
>>> On Fri, Jul 14, 2017 at 9:52 AM, Francesco Chicchiriccò <
>>>
>>>> ilgrosso@apache.org> wrote:
>>>>
>>>> On 14/07/2017 10:48, Colm O hEigeartaigh wrote:
>>>>
>>>>> Should we change the default password algorithm from SHA1 for 2.1.0?
>>>>> It's
>>>>>
>>>>>> probably time to migrate from SHA1 IMO.
>>>>>>
>>>>>> Makes sense.
>>>>>>
>>>>> The only problem I could see is when pulling hashed password values from
>>>>> LDAP, where SHA1 is still quite common. Not a big deal, anyway.
>>>>>
>>>>> Which algorithm do you propose?
>>>>>
>>>>> Regards.
>>>>>
>>>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
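
The two points raised in this thread (a per-password salted SHA-256 digest, and failing when no secret key is configured instead of falling back to a default), as an added Java example that is not part of the original messages and is not Syncope's Encryptor code. The class and method names are hypothetical, and the LDAP-style layout `base64(SHA-256(password || salt) || salt)` with an 8-byte salt is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SaltedDigestExample {
    static final int SALT_LEN = 8, HASH_LEN = 32; // assumed salt size; SHA-256 output size

    // Fail closed on a missing key instead of falling back to a built-in default.
    static String requireSecretKey(String configured) {
        if (configured == null || configured.isEmpty()) {
            throw new IllegalStateException("secretKey is not configured");
        }
        return configured;
    }

    static byte[] digest(String alg, byte[]... parts) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(alg);
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    // Stored form: base64(SHA-256(password || salt) || salt), fresh random salt per call.
    static String encode(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_LEN];
        new SecureRandom().nextBytes(salt);
        byte[] hash = digest("SHA-256", password.getBytes(StandardCharsets.UTF_8), salt);
        byte[] out = Arrays.copyOf(hash, HASH_LEN + SALT_LEN);
        System.arraycopy(salt, 0, out, HASH_LEN, SALT_LEN);
        return Base64.getEncoder().encodeToString(out);
    }

    static boolean verify(String password, String stored) throws NoSuchAlgorithmException {
        byte[] raw = Base64.getDecoder().decode(stored);
        if (raw.length <= HASH_LEN) return false; // no salt appended
        byte[] salt = Arrays.copyOfRange(raw, HASH_LEN, raw.length);
        byte[] actual = digest("SHA-256", password.getBytes(StandardCharsets.UTF_8), salt);
        return MessageDigest.isEqual(Arrays.copyOf(raw, HASH_LEN), actual); // constant-time
    }

    public static void main(String[] args) throws Exception {
        String pw = "constructed-sample-password"; // constructed input
        System.out.println("two encodings differ: " + !encode(pw).equals(encode(pw)));
        System.out.println("verify ok / wrong: " + verify(pw, encode(pw)) + " / " + verify("x", encode(pw)));
        try { requireSecretKey(null); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

Because the salt travels with the digest, verification needs no extra configuration, and two users with the same password no longer share a stored value.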
