Open chibenwa opened 5 years ago
See https://issues.apache.org/jira/browse/JAMES-1677
User data models use different hashing algorithms: JPA -> MD5 JDBC -> SHA Cassandra -> SHA1 HBase -> MD5 Memory -> MD5 JCR -> MD5
There are lots of hashing discussions such as http://stackoverflow.com/questions/20186354/best-practice-of-hashing-passwords/20186472#20186472 https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet https://en.wikipedia.org/wiki/SHA-2 http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
I offer SHA-256 for all user data models.
P.S: Not exactly related but Google Chrome does not allow SHA1 at next year. http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
A Djalil et me(Goint), we are working on this project.
See https://issues.apache.org/jira/browse/JAMES-1677
User data models use different hashing algorithms: JPA -> MD5 JDBC -> SHA Cassandra -> SHA1 HBase -> MD5 Memory -> MD5 JCR -> MD5
There are lots of hashing discussions such as http://stackoverflow.com/questions/20186354/best-practice-of-hashing-passwords/20186472#20186472 https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet https://en.wikipedia.org/wiki/SHA-2 http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
I offer SHA-256 for all user data models.
P.S: Not exactly related but Google Chrome does not allow SHA1 at next year. http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html