You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Sebastian Tacke (JIRA)" <se...@james.apache.org> on 2013/12/16 14:39:09 UTC
[jira] [Updated] (JAMES-1532) JPAUser database field too short for
SHA-512 password hashes
[ https://issues.apache.org/jira/browse/JAMES-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sebastian Tacke updated JAMES-1532:
-----------------------------------
Description:
The configuration supports setting the hash algorithm for user passwords to SHA-512. However SHA-512 hashes cannot be stored in the JPA user repository, because the field is too short.
http://svn.apache.org/repos/asf/james/server/trunk/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java sets the field length to 100:
/** Hashed password */
@Basic
@Column(name = "PASSWORD", nullable = false, length = 100)
private String password;
The password hashes are hex encoded before they are stored to the database, so SHA-512 hashes take up (512/8)*2 = 128 characters.
was:
The configuration supports setting the hash algorithm for user passwords to SHA-512. However SHA-512 hashes cannot be stored in the JPA user repository, because the field is too short.
[JPAUser|http://svn.apache.org/repos/asf/james/server/trunk/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java] sets the field length to 100:
{code}/** Hashed password */
@Basic
@Column(name = "PASSWORD", nullable = false, length = 100)
private String password;{code}
The password hashes are hex encoded before they are stored to the database, so SHA-512 hashes take up (512/8)*2 = 128 characters.
> JPAUser database field too short for SHA-512 password hashes
> ------------------------------------------------------------
>
> Key: JAMES-1532
> URL: https://issues.apache.org/jira/browse/JAMES-1532
> Project: James Server
> Issue Type: Bug
> Components: UsersStore & UsersRepository
> Affects Versions: 3.0-beta4
> Reporter: Sebastian Tacke
> Labels: password
>
> The configuration supports setting the hash algorithm for user passwords to SHA-512. However SHA-512 hashes cannot be stored in the JPA user repository, because the field is too short.
> http://svn.apache.org/repos/asf/james/server/trunk/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java sets the field length to 100:
> /** Hashed password */
> @Basic
> @Column(name = "PASSWORD", nullable = false, length = 100)
> private String password;
> The password hashes are hex encoded before they are stored to the database, so SHA-512 hashes take up (512/8)*2 = 128 characters.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org