Upgrade the users hashing algorithm type - Githubissues

Open-Up / workshop-ifi-27-07-2018

Guiding IFI students on their way to their first free software contributions....

0 stars 3 forks source link

Upgrade the users hashing algorithm type #7

Open chibenwa opened 5 years ago

chibenwa commented 5 years ago

See https://issues.apache.org/jira/browse/JAMES-1677

User data models use different hashing algorithms: JPA -> MD5 JDBC -> SHA Cassandra -> SHA1 HBase -> MD5 Memory -> MD5 JCR -> MD5

There are lots of hashing discussions such as http://stackoverflow.com/questions/20186354/best-practice-of-hashing-passwords/20186472#20186472 https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet https://en.wikipedia.org/wiki/SHA-2 http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

I offer SHA-256 for all user data models.

P.S: Not exactly related but Google Chrome does not allow SHA1 at next year. http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html

Mongetro commented 5 years ago

A Djalil et me(Goint), we are working on this project.