You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ofbiz.apache.org by Chris Snow <sn...@snowconsulting.co.uk> on 2009/10/06 15:49:45 UTC

encrypted entity data is insecure?

It looks as though no salt data is used when saving encrypted entity 
data making the stored data susceptible to dictionary attacks, for 
details see:

http://en.wikipedia.org/wiki/Salt_(cryptography)

Re: encrypted entity data is insecure?

Posted by Chris Snow <sn...@snowconsulting.co.uk>.

Jira raised:

https://issues.apache.org/jira/browse/OFBIZ-3006


> It looks as though no salt data is used when saving encrypted entity
> data making the stored data susceptible to dictionary attacks, for
> details see:
>
> http://en.wikipedia.org/wiki/Salt_(cryptography)
>
>