You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2020/01/09 08:44:00 UTC
[jira] [Commented] (OFBIZ-9150) Create a tool to hashes all our
OOTB passwords using PBKDF2_SHA512
[ https://issues.apache.org/jira/browse/OFBIZ-9150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17011554#comment-17011554 ]
Jacques Le Roux commented on OFBIZ-9150:
----------------------------------------
Hi Junyuan,
What is the status here?
> Create a tool to hashes all our OOTB passwords using PBKDF2_SHA512
> ------------------------------------------------------------------
>
> Key: OFBIZ-9150
> URL: https://issues.apache.org/jira/browse/OFBIZ-9150
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Reporter: Jacques Le Roux
> Priority: Minor
>
> Currently we use SHA1 for our OOTB passwords hashes and they are not salted. If you create new passwords they will still use SHA1 but they will be salted, which is good.
> But we should better provide SHA-512 OOTB hashes instead of SHA-1. And use SHA-512 as default encrypting method (even for fields), with at least 10 000 iterations, to lead our users to the best solution.
> We should also provide a simple and easy documentation about that. So far we have this discussion http://markmail.org/message/yqybsqzigrqbyxgf
> I suggest to improve/enhance https://cwiki.apache.org/confluence/display/OFBIZ/How+to+secure+your+deployment
--
This message was sent by Atlassian Jira
(v8.3.4#803005)