Posted to user@ofbiz.apache.org by Skip <sk...@thedevers.org> on 2013/05/13 21:44:54 UTC

getDigestHash() deprecated

HashCrypt.getDigestHash() has been deprecated in favor of cryptPassword
which uses a salt.  That is a good thing.

I am upgrading a 9.x OFBiz version to 12.04.  We have hundreds of old
unsalted passwords in the db.  Is there a service to replace these old
unsalted password hashes with the new salted ones?

Thanks

Skip


Re: getDigestHash() deprecated

Posted by Paul Foxworthy <pa...@cohsoft.com.au>.
Hi Skip,

Sorry, can't be done. A hashed password can't be decrypted, which is usually
a good thing, so there is no way to retrieve the existing password, add a
salt, and calculate the new hash. All I can suggest is you automatically set
a starting password, and turn on the "Require Password Change", so they will
enter a password the first time they sign on, which will be salted. The
starting password should be different for each user, and you need to find a
secure way of communicating it to them.

It really is better security once it's done, but it will be an annoyance
during the transition to a newer OFBiz.

Cheers

Paul Foxworthy


SkipDever wrote
> HashCrypt.getDigestHash() has been deprecated in favor of cryptPassword
> which uses a salt.  That is a good thing.
> 
> I am upgrading a 9.x OFBiz version to 12.04.  We have hundreds of old
> unsalted passwords in the db.  Is there a service to replace these old
> unsalted password hashes with the new salted ones?
> 
> Thanks
> 
> Skip





-----
--
Coherent Software Australia Pty Ltd
http://www.coherentsoftware.com.au/

Bonsai ERP, the all-inclusive ERP system
http://www.bonsaierp.com.au/

--
View this message in context: http://ofbiz.135035.n4.nabble.com/getDigestHash-deprecated-tp4641244p4641329.html
Sent from the OFBiz - User mailing list archive at Nabble.com.
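
Added example, not part of the original thread and not OFBiz code: a self-contained Java sketch of the reset procedure described in the reply above (a distinct random starting password per user, stored salted, with a password change required at first sign-on). The `Account` class and its field names, the `$`-prefix test for already-salted hashes, and the PBKDF2 hasher are assumptions standing in for the real user-login records and for `cryptPassword`.

```java
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LegacyPasswordReset {
    private static final SecureRandom RNG = new SecureRandom();
    // No look-alike characters (0/O, 1/l/I): users have to retype this once.
    private static final String ALPHABET =
        "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789";

    /** Constructed stand-in for a user-login row; field names are assumptions. */
    static final class Account {
        final String userLoginId; String storedHash; boolean requirePasswordChange;
        Account(String id, String hash) { userLoginId = id; storedHash = hash; }
    }

    static String randomPassword(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++)
            sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        return sb.toString();
    }

    /** Stand-in for the application's salted hasher: PBKDF2 with a fresh salt. */
    static String saltedHash(String password) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
        byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                    .generateSecret(spec).getEncoded();
        Base64.Encoder b64 = Base64.getEncoder();
        return "$PBKDF2$" + b64.encodeToString(salt) + "$" + b64.encodeToString(dk);
    }

    /** Resets unsalted accounts; returns id -> starting password to deliver out of band. */
    static Map<String, String> resetUnsalted(List<Account> accounts) throws Exception {
        Map<String, String> toDeliver = new LinkedHashMap<>();
        for (Account a : accounts) {
            if (a.storedHash.startsWith("$")) continue; // already salted (sketch format)
            String temp = randomPassword(16);           // different for every user
            a.storedHash = saltedHash(temp);            // old unsalted hash is overwritten
            a.requirePasswordChange = true;             // forces a new password at sign-on
            toDeliver.put(a.userLoginId, temp);
        }
        return toDeliver;
    }
}
```

The returned map is the only place the starting passwords exist in clear text, so it should go straight to whatever secure delivery channel is chosen and never be written to logs or the database.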